Sunday, April 1, 2012

Running LinOTP On CentOS 6.2

This howto will show how you can set up LinOTP on CentOS 6.2. LinOTP is a modular and flexible solution for two factor authentication with one time passwords. This howto uses the community packages that are available at the python package index PyPI.
yum install mysql-server
/etc/init.d/mysqld start
Create a new database:
mysql -u root
mysql> create database LinOTP2;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on LinOTP2.* to 'linotp'@'localhost' identified by 'goodSecret';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
We now need to install some more packages:
yum install MySQL-python
yum install http mod_wsgi mod_ssl
yum install python-setuptools
...and download the pip tool, which we will use to install LinOTP:
tar -zxf pip-1.1.tar.gz
cd pip-1.1
python install
LinOTP has a RADIUS token, so we need to install the python radius packages:
pip install pyrad
We also need to create some directories:
mkdir /var/log/linotp/
mkdir /var/ssl/private/
Now we prepared everything to install the LinOTP stuff. This is also decribed on
sudo pip install linotp linotpuseridresolver
Edit the file /etc/linotp2/linotp.ini to access the database you just created.
sqlalchemy.url = mysql://linotp:goodSecret@localhost/LinOTP2
The OTP Keys are encrypted within the database. So create an encryption key:
dd if=/dev/random of=/etc/linotp2/encKey bs=1 count=96
You are now ready to create the database tables. This is done using paster:
paster setup-app /etc/linotp2/linotp.ini
OK. You are done, now! You can easily check the LinOTP installation by starting the server using the paster command:
paster serve /etc/linotp2/linotp.ini
Use your browser to go to http://localhost:5001/manage and you will be able to see the management interface, create a useridresolver with your /etc/passwd, create a realm and enroll a token for a user from your /etc/passwd.
Verify authenticating by going to http://localhost:5001/auth/index.
You probably want SSL encryption and authentication for the management. ;-)
So please follow the instructions on how to run LinOTP from within the apache webserver.

No comments:

Post a Comment