for quite some time I have been using FreeIPA to manage 2FA tokens (TOTP, Yubikey, SMS/eMail). As part of my MacOS Server Migration series and moving my OpenDirectory / Authentication services to FreeIPA, I also had to move PrivacyIDEA from my legacy MacOS Server and decided to move it to the FreeIPA server to have all authentication services on the same host. I am aware that FreeIPA also has OTP support built-in, but as that only supports TOTP tokens, this did not suit my needs.
In this post describes how to get this working, without interfering with the FreeIPA web interface/services. This turned out to be a bit tricky as it requires additional rights granted to work under SELinux.
Update 2019-09-18: added how to migrate an existing PrivacyIDEA instance.
Continue reading “Running PivacyIDEA with FreeIPA”