Commit | Line | Data |
---|---|---|
7910ec9b RK |
1 | # KaiRo.at Auth Server |
2 | This authentication server solution aims to provide a login service based on OAuth2 that you can run on your own servers and use in your websites. | |
3 | It's written in PHP and should work with recent PHP5 as well as PHP7, and the web UI should work in modern browsers and down to IE8. | |
4 | ||
5 | For installing, do the following: | |
6 | ||
7 | * git clone git@github.com:KaiRo-at/authserver.git | |
8 | * cd authserver | |
9 | * composer install | |
10 | * git clone git@github.com:KaiRo-at/php-utility-classes.git | |
11 | ||
12 | After that, integrate a config similar to [vhost.authserver.conf](etc/apache/vhost.authserver.conf) into your Apache configuration, | |
13 | create a user and empty MySQL database for the authentication service, | |
14 | copy [auth_settings.json](etc/kairo/auth_settings.json) to /etc/kairo and adapt it to your needs. | |
15 | ||
16 | You'll have to at least put in the database name/user/password and insert one nonce into the array, generated with `openssl rand -base64 48`. | |
17 | Note: if a security issue may have let someone else read the settings file, add a new nonce at the end of the array. NEVER remove a nonce, or all existing passwords will become invalid! | |
18 | People's password hashes will be migrated to the new nonce the next time they log in. | |
19 | Keeping a nonce on disk in addition to the salt that is included in the password hash in the database increases security, because an attacker needs both the database and the on-disk configuration to even attempt offline brute-force cracking. | |
20 | ||
21 | If you want to use Piwik with this service, either install it via composer or use a distribution-provided package and point the Apache config and settings to it. | |
22 | ||
23 | Please don't use GitHub for issue tracking; use http://bugzilla.kairo.at/ instead (Product: KaiRo Software, Component: Authentication Service).
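
The nonce handling described in the README (append a new nonce, never remove old ones, migrate hashes at next login) can be sketched as follows. This is an added example, not the KaiRo.at Auth Server's own code: the function names, the HMAC construction and the nonce values are assumptions made for illustration.

```php
<?php
// Added illustration; NOT the project's implementation.
// $nonces mirrors the nonce array in auth_settings.json: oldest first, newest last.
// The nonce strings below are constructed placeholders.

// Hypothetical helper: mix the on-disk nonce into the password before hashing.
function pepper(string $password, string $nonce): string {
    // base64 of a 32-byte HMAC is 44 chars: no NUL bytes, under bcrypt's 72-byte limit.
    return base64_encode(hash_hmac('sha256', $password, $nonce, true));
}

// Hypothetical helper: new hashes always use the newest (last) nonce.
function hashPassword(string $password, array $nonces): string {
    return password_hash(pepper($password, end($nonces)), PASSWORD_DEFAULT);
}

// Hypothetical helper: returns [ok, newHash]. newHash is non-null when the
// stored hash matched an older nonce and should be replaced in the database.
function verifyAndMigrate(string $password, string $stored, array $nonces): array {
    $last = count($nonces) - 1;
    for ($i = $last; $i >= 0; $i--) {
        if (password_verify(pepper($password, $nonces[$i]), $stored)) {
            $stale = ($i !== $last) || password_needs_rehash($stored, PASSWORD_DEFAULT);
            return [true, $stale ? hashPassword($password, $nonces) : null];
        }
    }
    return [false, null];
}

// Account created while only the first nonce existed.
$nonces = ['constructed-nonce-A'];
$stored = hashPassword('correct horse', $nonces);

// Settings file may have been read by someone else: append, never remove.
$nonces[] = 'constructed-nonce-B';
list($ok, $newHash) = verifyAndMigrate('correct horse', $stored, $nonces);
var_dump($ok, $newHash !== null);   // login result, and whether a migrated hash was produced

// After migration the hash verifies against the newest nonce with no further rehash.
list($ok2, $again) = verifyAndMigrate('correct horse', $newHash, $nonces);
var_dump($ok2, $again === null);

// Dropping the old nonce instead locks out every account not yet migrated.
list($ok3, ) = verifyAndMigrate('correct horse', $stored, ['constructed-nonce-B']);
var_dump($ok3);
```

An attacker holding only the database dump cannot test password guesses offline, because every guess must first pass through the HMAC keyed with a nonce that lives only in the settings file.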