I followed the steps in your guide, mixed with an old one from howtoforge. I documented all the steps since I want to write a Debian 8 howto:
- aptitude install libjpeg-dev zlib1g-dev python-dev \
libffi-dev libssl-dev libxslt1-dev virtualenv gcc \
mysql-server freeradius libconfig-inifiles-perl \
libdata-dump-perl libtry-tiny-perl libconfig-json-perl \
libjson-perl libmysqlclient-dev apache2 libapache2-mod-wsgi
- virtualenv /opt/privacyidea
- cd /opt/privacyidea
- source bin/activate
- pip install privacyidea
- pip install MySQL-python
- pip install click
- mysql -u root -p
create database pi;
grant all privileges on pi.* to "pi"@"localhost" identified by "XXX";
flush privileges;
quit;
- mkdir /etc/privacyidea
- useradd -r privacyidea
- cp etc/privacyidea/* /etc/privacyidea/
- vi /etc/privacyidea/pi.cfg
import logging
# The realm, where users are allowed to login as administrators
SUPERUSER_REALM = ['super']
# Your database
#SQLALCHEMY_DATABASE_URI = 'sqlite:////etc/privacyidea/data.sqlite'
# This is used to encrypt the auth_token
#SECRET_KEY = 't0p s3cr3t'
# This is used to encrypt the admin passwords
#PI_PEPPER = "Never know..."
# This is used to encrypt the token data and token passwords
PI_ENCFILE = '/etc/privacyidea/enckey'
# This is used to sign the audit log
# This is the dummy base class
#PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.base'
# This is the default
#PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.sqlaudit'
# This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem'
PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem'
PI_LOGFILE = '/var/log/privacyidea/privacyidea.log'
PI_LOGLEVEL = logging.INFO
PI_PEPPER = 'X'
SECRET_KEY = 'X'
SQLALCHEMY_DATABASE_URI = 'mysql://pi:XXX@localhost/pi'
- pi-manage create_enckey
- pi-manage create_audit_keys
- pi-manage createdb
- pi-manage admin add admin@localhost
- privacyidea-fix-access-rights -f /etc/privacyidea/pi.cfg -u privacyidea
- a2enmod ssl
- vi /etc/apache2/sites-available/privacyidea.conf
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
# You might want to change this