Running LinOTP On CentOS 6.2

Want to support HowtoForge? Become a subscriber!
 
Submitted by cornelinux (Contact Author) (Forums) on Mon, 2012-03-26 16:39. :: CentOS | Security

Running LinOTP On CentOS 6.2

This howto will show how you can set up LinOTP on CentOS 6.2. LinOTP is a modular and flexible solution for two factor authentication with one time passwords. This howto uses the community packages that are available at the python package index PyPI.

yum install mysql-server
/etc/init.d/mysqld start

Create a new database:

mysql -u root

mysql> create database LinOTP2;

Query OK, 1 row affected (0.00 sec)

mysql> grant all privileges on LinOTP2.* to 'linotp'@'localhost' identified by 'goodSecret';

Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

We now need to install some more packages:

yum install MySQL-python
yum install http mod_wsgi mod_ssl
yum install python-setuptools

...and download the pip tool, which we will use to install LinOTP:

wget http://pypi.python.org/packages/source/p/pip/pip-1.1.tar.gz#md5=62a9f08dd5dc69d76734568a6c040508
tar -zxf pip-1.1.tar.gz
cd pip-1.1
python setup.py install

LinOTP has a RADIUS token, so we need to install the python radius packages:

pip install pyrad

We also need to create some directories:

mkdir /var/log/linotp/
mkdir /var/ssl/private/

Now we prepared everything to install the LinOTP stuff. This is also decribed on linotp.org:

sudo pip install linotp linotpuseridresolver

Edit the file /etc/linotp2/linotp.ini to access the database you just created.

sqlalchemy.url = mysql://linotp:goodSecret@localhost/LinOTP2

The OTP Keys are encrypted within the database. So create an encryption key:

dd if=/dev/random of=/etc/linotp2/encKey bs=1 count=96

You are now ready to create the database tables. This is done using paster:

paster setup-app /etc/linotp2/linotp.ini

OK. You are done, now! You can easily check the LinOTP installation by starting the server using the paster command:

paster serve /etc/linotp2/linotp.ini

Use your browser to go to http://localhost:5001/manage and you will be able to see the management interface, create a useridresolver with your /etc/passwd, create a realm and enroll a token for a user from your /etc/passwd.

Verify authenticating by going to http://localhost:5001/auth/index.

You probably want SSL encryption and authentication for the management. ;-)

So please follow the instructions on how to run LinOTP from within the apache webserver.


Copyright (c) 2012 Cornelius Kölbel
Permission is granted to copy, distribute and/or modify the content of
this page under the terms of the GNU Free Documentation License, Version 1.2
or any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is available at http://www.gnu.org/licenses/fdl.html
add comment | view as pdf view as pdf | Display a printer-friendly version of this page. print
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.