How To Install The WiKID Strong Authentication System On Slackware

 
Submitted by nowen on Tue, 2009-04-07 11:56.


Tested on Slackware 12.2, 2.6.28.7-grsec, PostgreSQL 8.3.6, postgresql-8.3-604.jdbc4

Note: Some of the configuration scripts included with WiKID are designed for Redhat and friends, so several steps in this guide focus on modifying these scripts for Slackware as well as working around some of them.

 

1. PostgreSQL

Slackware does not package Postgres, so we will need to grab a third-party package from www.linuxpackages.net, or your favorite Slackware package site. This guide was tested on PostgreSQL 8.3.6. Install the package like so:

installpkg postgresql-<version>-<arch>.tgz

Start PostgreSQL:

chmod +x /etc/rc.d/rc.postgresql
/etc/rc.d/rc.postgresql start

 

2. Sun Java Development Kit (JDK)

Slackware does not package this either, but we can get it from Sun. This guide was tested with JDK version 1.6_12. Download the JDK bin package from here: http://java.sun.com/javase/downloads/index.jsp. The bin package is a self-extracting archive which will unpack itself in the working directory when executed. WiKID likes the JDK to be at /opt/jdk, so the path of least resistance is to copy the JDK binary to the opt folder and extract it there, like so:

cp jdk-6u12-linux-i586.bin /opt
cd /opt
chmod +x jdk-6u12-linux-i586.bin # mark it executable
./jdk-6u12-linux-i586.bin # extract it
ln -s jdk1.6_12 jdk # create the symlink for /opt/jdk

 

3. For those running a PaX/GRSec kernel:

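You will need to disable mprotect on the java and keytool binaries. This can be done using paxctl (http://pax.grsecurity.net). The -C option creates the PT_PAX_FLAGS program header if the binary does not have one, and -m turns off the MPROTECT restriction for that binary only; paxctl -v shows the resulting flags. Run it like so: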

paxctl -C /opt/jdk1.6_12/bin/java
paxctl -m /opt/jdk1.6_12/bin/java
paxctl -C /opt/jdk1.6_12/bin/keytool
paxctl -m /opt/jdk1.6_12/bin/keytool

 

4. Installing WiKID Enterprise Server

Once you have the WiKID Enterprise Server RPMs, install them as follows:

rpm -iv wikid-utilities-<version>-noarch.rpm --nodeps
rpm -iv wikid-enterprise-server-<version>-noarch.rpm --nodeps

 

5. Installing the PostgreSQL JDBC connector

Download the connector version that matches your PostgreSQL version and JDK version. Move the connector to /opt/WiKID/lib. We will need to create a symlink in order for Java to find the connector, like so:

cd /opt/jdk1.6_12/jre/lib/ext
ln -s /opt/WiKID/lib/postgresql-8.3-604.jdbc4.jar .

 

6. Configuring WiKID

Here comes the fun part, hacking the configuration scripts. The first thing we need to do is fix 2 mktemp calls in /opt/WiKID/sbin/wikidserver_config.sh and /opt/WiKID/sbin/load_db.sh.

wikidserver_config.sh should read

tmpfile=$(mktemp)

init_db.sh should read

TMPLOG=$(mktemp) || exit 1

Now we can go ahead and run wikidserver_config.sh:

/opt/WiKID/sbin/wikidserver_config.sh

Next we can run wikid-firstboot.sh:

/opt/WiKID/conf/templates/wikid-firstboot.sh

There is an additional schema update script under /opt/WiKID/conf/database/migrations called cumulative.sql. This script is supposed to run when WiKID is started; however, I have come across instances where it hasn't, causing the WiKID server to freak out, so we are going to run it manually like so:

psql -U postgres -d wikid -f /opt/WiKID/conf/database/migrations/cumulative.sql

wikidctl setup requires an /etc/sysconfig directory. Even though this directory serves no purpose in Slackware, we are going to create it so wikidctl can set up the server:

mkdir -p /etc/sysconfig

Now you can go ahead and run

/opt/WiKID/bin/wikidctl setup

Be sure to restart PostgreSQL once you are done.

Now you can go ahead and start the server:

/opt/WiKID/bin/wikidctl start

We now need to modify a jsp file for iptables support. If you have iptables installed and are currently using it, open /opt/WiKID/tomcat/Webapps/WiKIDAdmin/finalProcessNetworkClient.jsp in a text editor and modify:

String[] firewallRules = {"/sbin/iptables -I INPUT -p tcp -m state --state NEW -j ACCEPT -m tcp --dport 8388 -s " + ip,
"/sbin/iptables -I INPUT -p tcp -m state --state NEW -j ACCEPT -m tcp --dport 10389 -s " + ip,
"/sbin/iptables -I INPUT -p tcp -m state --state NEW -j ACCEPT -m tcp --dport 636 -s " + ip,
"/sbin/iptables -I INPUT -p tcp -m state --state NEW -j ACCEPT -m tcp --dport 49 -s " + ip,
"/sbin/iptables -I INPUT -p tcp -m state --state NEW -j ACCEPT -m tcp --dport 1812 -s " + ip,
"/sbin/iptables -I INPUT -p udp -m state --state NEW -j ACCEPT -m udp --dport 1812 -s " + ip,

to point to the correct location of the iptables binary on your system.

If you are not using iptables, comment out the code following it, like so:

//for (int i = 0; i < firewallRules.length; i++) {
//    Runtime.getRuntime().exec(firewallRules[i]);
//}
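
The six rules from the firewallRules array above, generated in shell so they can be reviewed with the iptables path used on your system. This is an added example, not code from WiKID or from the original guide; the function names and the strict IPv4 check on the client address are assumptions of the example.

```shell
#!/bin/sh
# Added example: print the ACCEPT rules WiKID inserts for one network client.
# Protocols and ports are copied from the firewallRules array shown above.
WIKID_RULES="tcp:8388 tcp:10389 tcp:636 tcp:49 tcp:1812 udp:1812"

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() (
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # empty, stray characters, bad dots
    esac
    IFS=.
    set -- $ip                               # split the address on dots
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || exit 1
        [ "$octet" -le 255 ] || exit 1
    done
)

# wikid_fw_rules IPTABLES_PATH CLIENT_IP
# Prints one rule per line and applies nothing; returns 1 on a bad address.
wikid_fw_rules() (
    ipt=$1 ip=$2
    valid_ipv4 "$ip" || { echo "refusing '$ip': not an IPv4 address" >&2; exit 1; }
    [ -x "$ipt" ] || echo "warning: $ipt not found or not executable" >&2
    for rule in $WIKID_RULES; do
        proto=${rule%%:*} port=${rule##*:}
        echo "$ipt -I INPUT -p $proto -m state --state NEW -j ACCEPT -m $proto --dport $port -s $ip"
    done
)
```

For example, wikid_fw_rules "$(command -v iptables)" 192.0.2.10 prints the rules with the binary location found on the current system.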

One last thing: if you would like to use the update script, you need to install Perl LWP. This can be done by running the following:

cpan LWP
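
To confirm that the filesystem layout from steps 1, 2, 5 and 6 is in place (most useful just before running wikidctl setup), the following check can be used. It is an added example, not part of WiKID or the original guide; the function name and the optional root prefix argument are assumptions of the example, and the JDBC file name defaults to the one this guide was tested with.

```shell
#!/bin/sh
# Added example: verify the layout this guide creates.
# wikid_layout_check [ROOT] [JDBC_JAR]
#   ROOT     hypothetical prefix for checking a staging tree; empty = live system
#   JDBC_JAR connector file name; defaults to the version tested in the guide
# Prints one FAIL line per problem and returns the number of problems.
wikid_layout_check() (
    root=${1:-}
    jdbc=${2:-postgresql-8.3-604.jdbc4.jar}
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Step 1: the PostgreSQL rc script must be executable to start at all.
    [ -x "$root/etc/rc.d/rc.postgresql" ] ||
        fail "/etc/rc.d/rc.postgresql is missing or not executable"

    # Step 2: WiKID expects the JDK at /opt/jdk, reached through a symlink.
    [ -L "$root/opt/jdk" ] ||
        fail "/opt/jdk is not a symlink"
    [ -x "$root/opt/jdk/bin/java" ] ||
        fail "/opt/jdk/bin/java is missing or not executable"

    # Step 5: -e follows symlinks, so a dangling connector link fails here.
    [ -e "$root/opt/jdk/jre/lib/ext/$jdbc" ] ||
        fail "JDBC connector $jdbc is missing or dangling in jre/lib/ext"

    # Step 6: wikidctl setup needs this directory to exist.
    [ -d "$root/etc/sysconfig" ] ||
        fail "/etc/sysconfig does not exist"

    exit "$problems"
)
```

Call wikid_layout_check with no arguments to check the running system; no output and a zero return value mean every check passed.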

That's all!

Thanks to Elazar Broad for this contribution.
