Running LinOTP On CentOS 6.2

This howto will show how you can set up LinOTP on CentOS 6.2. LinOTP is a modular and flexible solution for two factor authentication with one time passwords. This howto uses the community packages that are available at the python package index PyPI.

yum install mysql-server
/etc/init.d/mysqld start

Create a new database:

mysql -u root
mysql> create database LinOTP2;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on LinOTP2.* to 'linotp'@'localhost' identified by 'goodSecret';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

We now need to install some more packages:

yum install MySQL-python
yum install http mod_wsgi mod_ssl
yum install python-setuptools

...and download the pip tool, which we will use to install LinOTP:

wget http://pypi.python.org/packages/source/p/pip/pip-1.1.tar.gz#md5=62a9f08dd5dc69d76734568a6c040508
tar -zxf pip-1.1.tar.gz
cd pip-1.1
python setup.py install

LinOTP has a RADIUS token, so we need to install the python radius packages:

pip install pyrad

We also need to create some directories:

mkdir /var/log/linotp/
mkdir /var/ssl/private/

Now we prepared everything to install the LinOTP stuff. This is also decribed on linotp.org:

sudo pip install linotp linotpuseridresolver

Edit the file /etc/linotp2/linotp.ini to access the database you just created.

sqlalchemy.url = mysql://linotp:goodSecret@localhost/LinOTP2

The OTP Keys are encrypted within the database. So create an encryption key:

dd if=/dev/random of=/etc/linotp2/encKey bs=1 count=96

You are now ready to create the database tables. This is done using paster:

paster setup-app /etc/linotp2/linotp.ini

OK. You are done, now! You can easily check the LinOTP installation by starting the server using the paster command:

paster serve /etc/linotp2/linotp.ini

Use your browser to go to http://localhost:5001/manage and you will be able to see the management interface, create a useridresolver with your /etc/passwd, create a realm and enroll a token for a user from your /etc/passwd.

Verify authenticating by going to http://localhost:5001/auth/index.

You probably want SSL encryption and authentication for the management. ;-)

So please follow the instructions on how to run LinOTP from within the apache webserver.

Share this page:

2 Comment(s)