How to install the WiKID Community Edition 3.x

Requirements

• Postgresql, iptables
  
• Sun's Java 6 JDK from Sun. UPDATE: The OpenJDK has been tested and is working! (Use --nodeps)
  
• We're currently recommending the OpenJDK due to this bug which might cause minor delays in certificate creation.
  
• If using Sun's JDK:  Java JCE Unlimited Strength Jurisdiction Policy files
  
• Testing was done on Redhat Enterprise Linux Version 5 & 6 and Centos 5.
  

Hardware Requirements

• 8+ gigs of hard drive space.
• A Redhat flavor of Linux such as RHEL or Centos
  
• 1 gig of RAM (2 gigs if using replicatoin)
  
• 2 Ethernet connections
  
• Moderate CPU required
• These hardware specs are for production. The server has been tested in a 256 meg RAM vmware image.

Doing the work

1. Install required software
   

yum install postgresql postgresql-libs postgresql-jdbc postgresql-server postgresql-pl compat-libstdc++-296 ntp system-config-date perl-libwww-perl

2. Download and install the JDK.  You can now use OpenJDK.   If you use Sun's JDK, be sure to download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files or else the certificate generation will not work.

3. Make sure that alternatives has the correct Java:

/usr/sbin/alternatives --install /usr/bin/java java /usr/java/latest/bin/java 2

/usr/sbin/alternatives --config java

4. Test that the system is using the correct Java:

java -version

5. Download the WiKID rpms from Sourceforge and install them. You will need both the wikid-server-community-3.xx.rpm and the wikid-utility rpm.
   

su -c rpm -ivh wikid-*

6. If you haven't already, be sure to initialize the database:

   # service postgresql initdb

7. Setup the WiKID server. The WiKID token clients communicate with the WiKID via port 80 (https is not needed because the PINs and OTPs are asymmetrically encrypted, so you will need a routable IP address. If you are just testing, then just make sure that the PC running the client can get to the server.

/opt/WiKID/bin/wikidctl setup

The script will pick up your existing network settings, walk you through them and create an SSL cert for the server.
8. Once setup, start the server

/opt/WiKID/bin/wikidctl start

9. Go to https:///WiKIDAdmin/ to complete the set up. From here, you can follow the standard documentation. If you like short docs, I recommend the Quickstart Cheatsheet:

More Information

You may need to install the JCE Unlimited Strength Jurisdiction Policy Files to avoid the "Illegal Key Size error".

The WiKID software token clients require port 80. You can use NAT, but it needs to be routable for the token clients. The following services may only need internal access based on your needs:

• The WiKIDAdmin uses 443.
• wAuth uses 8388
• LDAP uses 10389
• TACACS+ uses 49

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems, if you do, come to #fedora on irc.freenode.net

Added Reading

• WiKID Community Edition website.
• WiKID technology and architecture.
• <Troubleshooting WiKID>
  
• How to add WiKID two-factor authentication to a variety of services.