PRIVACYIDEA


privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication, thus boosting the security of your existing applications.

It supports a wide variety of authentication devices like OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F devices like Yubikey and Plug-Up, smartphone apps like Google Authenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates and Registration Codes for easy deployment.

Setup
=====

You can set up the system in a virtual environment::

   git clone https://github.com/privacyidea/privacyidea.git
   cd privacyidea
   virtualenv venv
   source venv/bin/activate
   pip install -r requirements.txt

Read the install instructions at http://privacyidea.readthedocs.org.

Running it
==========

Before running ``createdb``, make the following changes in the ``/etc/privacyidea/pi.conf`` file::

   SQLALCHEMY_DATABASE_URI = 'postgresql://privacyidea:password@172.16.1.80:9999/privacyidea'
   SQLALCHEMY_POOL_SIZE = 20
   SQLALCHEMY_POOL_TIMEOUT = 3600
   SQLALCHEMY_POOL_RECYCLE = 86400

   #SQLALCHEMY_DATABASE_URI = 'psycopg2.connect(database="privacyidea", user="privacyidea", password="password", host="172.16.1.80", port="9999")'

   #SQLALCHEMY_DATABASE_URI = 'psycopg2://privacyidea:password@172.16.1.80:9999/privacyidea'
   SECRET_KEY = 'test1'
   # This is used to encrypt the admin passwords
   PI_PEPPER = "test1"
   # This is used to encrypt the token data and token passwords
   PI_ENCFILE = '/etc/privacyidea/enckey'
   # This is used to sign the audit log
   PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem'
   PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem'
   PI_LOGFILE = '/var/log/privacyidea/privacyidea.log'
   #CRITICAL = 50
   #ERROR = 40
   #WARNING = 30
   #INFO = 20
   #DEBUG = 10
   PI_LOGLEVEL = 20

Create the database and encryption key::

   ./pi-manage createdb
   ./pi-manage create_enckey
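
Before a deployment leaves the test stage, the short values shown for ``SECRET_KEY``, ``PI_PEPPER`` and the database password in the pi.conf listing above need replacing. The following added example (not from the original page or the privacyIDEA project) parses a pi.conf-style file without executing it and reports such values. The length threshold, the weak-password list and the function names are assumptions made for this example.

```python
import ast
from urllib.parse import urlsplit

MIN_SECRET_LEN = 24  # assumed threshold for this example, not a privacyIDEA rule
WEAK_PASSWORDS = {"password", "privacyidea", "test", "test1", "changeme"}  # constructed list

# Constructed sample mirroring the values in the pi.conf listing above.
SAMPLE_CONF = """
SQLALCHEMY_DATABASE_URI = 'postgresql://privacyidea:password@172.16.1.80:9999/privacyidea'
SECRET_KEY = 'test1'
PI_PEPPER = "test1"
PI_LOGLEVEL = 20
"""


def load_settings(text):
    """Read top-level NAME = <literal> assignments without executing the file."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal value: nothing to audit
    return settings


def audit(text):
    """Return a list of findings for weak secrets in a pi.conf-style file."""
    cfg, findings = load_settings(text), []
    for name in ("SECRET_KEY", "PI_PEPPER"):
        value = cfg.get(name)
        if not isinstance(value, str) or len(value) < MIN_SECRET_LEN:
            findings.append(f"{name}: missing or shorter than {MIN_SECRET_LEN} characters")
    if cfg.get("SECRET_KEY") is not None and cfg.get("SECRET_KEY") == cfg.get("PI_PEPPER"):
        findings.append("SECRET_KEY and PI_PEPPER share one value")
    password = urlsplit(str(cfg.get("SQLALCHEMY_DATABASE_URI", ""))).password
    if password is not None and password.lower() in WEAK_PASSWORDS:
        findings.append("SQLALCHEMY_DATABASE_URI: guessable database password")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Replacement values can be generated with Python's ``secrets.token_urlsafe(32)``, which returns a 43-character random string.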

 

Create the key for the audit log::

   ./pi-manage create_audit_keys

Create the first administrator::

   ./pi-manage admin add <username>

Run it::

   ./pi-manage runserver -h <servername> -p <port> > /dev/null 2>&1 &

DATABASE
========

::

   postgres=# CREATE USER owncloud WITH PASSWORD 'password';
   postgres=# create database privacyidea;
   postgres=# GRANT CONNECT ON DATABASE owncloud TO privacyidea;
   postgres=# GRANT ALL PRIVILEGES ON DATABASE privacyidea TO privacyidea;
   postgres=# GRANT ALL PRIVILEGES ON DATABASE owncloud TO privacyidea;

STARTING PRIVACYIDEA SERVER
===========================

::

   root@owncloud1:/opt/privacyidea/privacyidea-venv/bin/python ./pi-manage.py runserver -h 172.16.1.217 -p 5000 > /dev/null 2>&1 &
