Running LinOTP On CentOS 6.2

This howto will show how you can set up LinOTP on CentOS 6.2. LinOTP is a modular and flexible solution for two factor authentication with one time passwords. This howto uses the community packages that are available at the python package index PyPI.

yum install mysql-server
/etc/init.d/mysqld start

Create a new database:

mysql -u root
mysql> create database LinOTP2;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on LinOTP2.* to 'linotp'@'localhost' identified by 'goodSecret';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

We now need to install some more packages:

yum install MySQL-python
yum install http mod_wsgi mod_ssl
yum install python-setuptools

…and download the pip tool, which we will use to install LinOTP:

tar -zxf pip-1.1.tar.gz
cd pip-1.1
python install

LinOTP has a RADIUS token, so we need to install the python radius packages:

pip install pyrad

We also need to create some directories:

mkdir /var/log/linotp/
mkdir /var/ssl/private/

Now we prepared everything to install the LinOTP stuff. This is also decribed on

sudo pip install linotp linotpuseridresolver

Edit the file /etc/linotp2/linotp.ini to access the database you just created.

sqlalchemy.url = mysql://linotp:[email protected]/LinOTP2

The OTP Keys are encrypted within the database. So create an encryption key:

dd if=/dev/random of=/etc/linotp2/encKey bs=1 count=96

You are now ready to create the database tables. This is done using paster:if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-medrectangle-4-0’)};

paster setup-app /etc/linotp2/linotp.ini

OK. You are done, now! You can easily check the LinOTP installation by starting the server using the paster command:

paster serve /etc/linotp2/linotp.ini

Use your browser to go to http://localhost:5001/manage and you will be able to see the management interface, create a useridresolver with your /etc/passwd, create a realm and enroll a token for a user from your /etc/passwd.

Verify authenticating by going to http://localhost:5001/auth/index.

You probably want SSL encryption and authentication for the management. 😉

So please follow the instructions on how to run LinOTP from within the apache webserver.if(typeof __ez_fad_position != ‘undefined’){__ez_fad_position(‘div-gpt-ad-howtoforge_com-box-4-0’)};

About the Author

Leave a Reply