Documents in SpanKey Server

WebADM Administrator Guide

1. Product Documentation This document is a configuration guide for RCDevs WebADM. Note that this document is not a guide for configuring WebADM applications (Web Services and WebApps). Specific application guides are available through the RCDevs online documentation library. WebADM installation and setup is not covered by this guide and is documented in the RCDevs WebADM Installation Guide. 2. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as domain users and groups.

API

1. Manager API The Manager interface provides access to some WebADM user management functions and operations exported by your registered applications. The Manager also allows external systems such as Web portals to remotely trigger user management operations and actions from the network. The user management functions provide LDAP operations such as object creation, update, removal, WebADM settings and data management, etc… The method names for internal management functions are in the form Manager_Method.

PAM & OpenOTP

How To Install and Configure PAM OpenOTP Plugin to Enable Multifactor Authentication on Linux Machines Simple login flow Push Login flow 1. Background On Unix-like systems, processes such as the OpenSSH daemon need to authenticate the user and learn a few things about him or her (user ID, home directory, …). Authentication is done through a mechanism called Pluggable Authentication Modules, and retrieving information about users (or even groups, hostnames, …) is done through another mechanism, called the Name Service Switch.

SpanKey Upgrade Guide from version 1.x.x to 2.x.x

1. Introduction In this documentation, we will see how to upgrade SpanKey Server and Client from version 1 to version 2. Note: SpanKey Server v1 and v2 can work with both SpanKey Client v1 and v2 for NSS requests only. For SSH key management features, you must use matching Server and Client versions. 2. Upgrade SpanKey Server In this document, we will upgrade the SpanKey Server from v1.0.3-6 to v2.

Feitian ePass NFC

SSH Authentication with a Feitian ePass NFC/FIDO/U2F Security Key The Feitian ePass NFC FIDO U2F Security Key can work as a Generic Identity Device Specification (GIDS) smart card. These instructions can also be applied to many other manufacturers and card models, but the specific tools to initialize the card can be different. In this how-to we will prepare a USB/NFC hardware key for SSH authentication and register the device in WebADM.

Smart Card - PIV

Authentication with a Yubikey Smart Card / PIV In this How-To we will configure a user in WebADM for using a PIV key. We need a WebADM server already configured. 1. Import the Inventory We need to create an inventory file like this:
"Type","Reference","Description","DN","Data","Status"
"PIV Device","<ID1>","PIV Yubikey","","PublicKey=<pub_key1>","Valid"
"PIV Device","<ID2>","PIV Yubikey","","PublicKey=<pub_key2>","Valid"
"PIV Device","<ID3>","PIV Yubikey","","PublicKey=<pub_key3>","Valid"
For my test, I have a Yubikey Nano with a PIV certificate and I use yubico-piv-tool for the management of the Yubikey, but it can work with other PIV keys.

SpanKey SSH Key Management

1. Overview SpanKey is a centralized SSH key server for OpenSSH, which stores and maintains SSH public keys in a centralized LDAP directory (i.e. Active Directory). With SpanKey there is no need to distribute, manually expire or maintain the public keys on the servers. Instead, the SpanKey agent is deployed on the servers and is responsible for providing the users’ public keys on-demand. The SpanKey server provides per-host access control with “server tagging”, LDAP access groups, centralized management from the RCDevs WebADM console, shared accounts, privileged users (master keys), recovery keys… It supports public key expiration with automated workflows for SSH key renewal (via Self-Services).