.. _installing_from_rpm:

Installing on RHEL or CentOS v7 (64bit)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The LinOTP components are available via rpm repositories. You can use this method to install
the LinOTP server on Red Hat Enterprise Linux / CentOS 7 (64bit).

The package architecture is modular. The LinOTP server package doesn't contain drivers or
configuration files for databases or web servers, but there are several packages which provide
these additions.

The repositories are hosted on linotp.org. Download a package to install the necessary yum
repositories::

   yum localinstall http://linotp.org/rpm/el7/linotp/x86_64/Packages/LinOTP_repos-1.1-1.el7.x86_64.rpm

This package contains the following repositories in /etc/yum.repos.d/linotp.repo::

   [linotp]
   name=KeyIdentity LinOTP Packages for Enterprise Linux 7 - $basearch
   baseurl=http://linotp.org/rpm/el7/linotp/x86_64
   enabled=1
   gpgcheck=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LINOTP-7

   [linotp-dependencies]
   name=KeyIdentity LinOTP Packages required for Enterprise Linux 7
   baseurl=http://linotp.org/rpm/el7/dependencies/x86_64
   enabled=1
   gpgcheck=1
   gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-LINOTP-7

These repositories provide the LinOTP server software (linotp) and packages built by KeyIdentity
from other open source projects that LinOTP depends on (linotp-dependencies).

Furthermore, some packages are needed from EPEL (Extra Packages for Enterprise Linux), which is
maintained by Fedora and has to be enabled for a successful LinOTP installation:
https://fedoraproject.org/wiki/EPEL

Activate EPEL on the system:

.. code::

   yum install epel-release.noarch

If you don't want to enable EPEL, KeyIdentity provides a repository for support customers which
contains all packages from EPEL for your LinOTP installation. This ensures that you get a
consistent repository maintained by KeyIdentity. The packages from the enterprise repository are
signed with the LinOTP GPG key.
Please contact KeyIdentity to receive further information:
https://www.keyidentity.com/about/contact-us/

The use of SELinux is supported; you can use the default setting (enforcing). The SELinux
configuration for LinOTP is provided by the package LinOTP_apache (see below). In case you don't
want to use this package, please apply the following rules::

   semanage fcontext -a -t httpd_sys_content_t "/etc/linotp2(/.*)?"
   semanage fcontext -a -t httpd_sys_rw_content_t "/etc/linotp2/data(/.*)?"
   semanage fcontext -a -t httpd_sys_rw_content_t "/var/log/linotp(/.*)?"
   restorecon -Rv /etc/linotp2/
   restorecon -Rv /var/log/linotp
   setsebool -P httpd_can_network_connect_db on
   setsebool -P httpd_can_connect_ldap on

Before you start the installation, please make sure the network setup for the server is accurate
and the server name is resolved correctly.

.. note:: The desired database is not installed automatically with the LinOTP package.

In case you would like to use MariaDB as the LinOTP database, you can install the database on the
same or a remote server::

   yum update
   yum install mariadb-server

The LinOTP packages can be installed by::

   yum install LinOTP          # contains LinOTP core, useridresolver
                               # and smsprovider
   yum install LinOTP_mariadb  # installs the mariadb client, drivers
                               # and a setup script

.. note:: With the package LinOTP_mariadb you'll get the script linotp-create-mariadb,
   which can be used to create a database and, if not present, a new encryption key.

Instead of MariaDB you can also use PostgreSQL or Oracle as your token database.
For PostgreSQL you can install another package::

   yum install LinOTP_postgresql

.. note:: This package contains only the client and the driver for PostgreSQL but not the
   PostgreSQL server. You can install it by executing::

      yum install postgresql-server

   The PostgreSQL server must allow password authentication.
   Please consult the PostgreSQL documentation for further information:
   https://www.postgresql.org/docs/

To use Oracle as your token database please contact KeyIdentity:
https://www.keyidentity.com/about/contact-us/
For support customers KeyIdentity provides installation instructions for the Oracle client and an
RPM package which contains the necessary drivers.

You can also create the token database manually as described in section
:ref:`setup_token_database`.

If you want to use databases as UserIdResolvers, you also have to install the LinOTP packages
for the databases mentioned above. For more details about UserIdResolvers please see
:ref:`manageclientuseridresolvers`.

During installation of the LinOTP package you'll get a fixed version of the package
python-repoze-who from the LinOTP repositories. For further system updates you have to lock this
package::

   yum install yum-plugin-versionlock
   yum versionlock python-repoze-who

For integration with Apache you can use a separate package which provides examples of
configuration files for the SSL and the WSGI configuration::

   yum install LinOTP_apache

Please use the template ``ssl_linotp.conf.template`` to adapt or create your Apache configuration.
Creating a config file ``wsgi_linotp.conf`` from ``wsgi_linotp.conf.template`` is no longer
necessary since LinOTP 2.8.1.3. The template is located in ``/etc/httpd/conf.d``.

The entries in ``ssl_linotp.conf.template`` for the SSL certificate files point to a default
configuration and should be changed to guarantee a secure service.

For the first login to LinOTP please use the following credentials::

   admin/Tio1LApw

You can change the login credentials as follows::

   htdigest /etc/linotp2/admins "LinOTP2 admin area" admin

The python package python-ldap, which is used when your users are located in an LDAP or Active
Directory, is installed automatically as a requirement of the LinOTP package.
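
A post-install check for two settings this page relies on, as an added example that is not part of the LinOTP documentation or project: that every section of ``linotp.repo`` enforces signature checking (the ``baseurl`` entries are plain HTTP, so ``gpgcheck=1`` is what protects package integrity), and that ``/etc/linotp2/admins`` no longer holds the documented first-login password. The function names are hypothetical, and ``md5sum``, ``awk`` and ``grep`` are assumed to be available.

```shell
#!/bin/sh
# Added example, not part of LinOTP. Function names are hypothetical;
# file paths, user, realm and default password are the ones on this page.

# Return 0 if the htdigest file $1 still holds the documented first-login
# password for "admin". Line format: user:realm:MD5(user:realm:password)
has_default_admin_password() {
    user='admin'
    realm='LinOTP2 admin area'
    default_pw='Tio1LApw'
    digest=$(printf '%s:%s:%s' "$user" "$realm" "$default_pw" | md5sum | cut -d' ' -f1)
    # Fixed-string, whole-line match so regex characters cannot interfere.
    grep -Fxq -- "$user:$realm:$digest" "$1"
}

# Print each section of yum repo file $1 that lacks gpgcheck=1 or a gpgkey.
# Returns 1 if any such section exists, 0 otherwise.
unsigned_repo_sections() {
    awk '
        function report() {
            if (name != "" && !(check && key)) { print name; bad = 1 }
        }
        /^[ \t]*\[.*\][ \t]*$/ {
            report()
            name = $0
            sub(/^[ \t]*\[/, "", name); sub(/\][ \t]*$/, "", name)
            check = 0; key = 0
            next
        }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { check = 1 }
        /^[ \t]*gpgkey[ \t]*=[ \t]*[^ \t]/    { key = 1 }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Check the real files when they exist and are readable.
if [ -r /etc/linotp2/admins ] && has_default_admin_password /etc/linotp2/admins; then
    echo "WARNING: default admin password still set in /etc/linotp2/admins"
fi
if [ -r /etc/yum.repos.d/linotp.repo ]; then
    unsigned_repo_sections /etc/yum.repos.d/linotp.repo |
        sed 's/^/WARNING: signature checking not enforced for repo: /'
fi
```

Run it as root after ``htdigest`` has been used to set a new password; no output means both checks passed.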