
Installing IBM MFA server and GUI
IBM® MFA can run on any Red Hat Enterprise Linux® for IBM Z® and LinuxONE or SUSE Linux Enterprise Server on IBM Z operating system that meets the minimum requirements.
Before you begin
Important: Special considerations for SELinux
If SELinux is enabled in your environment, perform the following steps:
- Run the mfadb10-init.sh, mfadb20-create.sh, and mfadb30-populate.sh database scripts as described in this section.
- Review the process context and tags associated with the postgresql and pkcsslotd services before enabling mfa.service dependencies on the postgresql and pkcsslotd services.
- After you have identified the required SELinux tags, implement the sample script for your distribution, /opt/IBM/MFA/db/db-selinux-rhel.sh (Red Hat Enterprise Linux) or /opt/IBM/MFA/db/db-selinux-sles.sh (SUSE Linux Enterprise Server), to update the MFA SELinux settings and enable dependencies in mfa.service.
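One way to carry out the review in the second step above, as an added example that is not part of IBM's documentation or scripts: it extracts the SELinux type from process labels and flags a service that runs unconfined. The process names postgres and pkcsslotd and the sample labels are assumptions; confirm the names and labels on your own system.

```shell
#!/bin/sh
# Added example: summarise the SELinux type of the processes behind the
# services that mfa.service depends on.

# Constructed sample in the layout of `ps -eo label,comm`; labels on a real
# system will differ.
SAMPLE_PS='LABEL                                     COMMAND
system_u:system_r:init_t:s0               systemd
system_u:system_r:postgresql_t:s0         postgres
system_u:system_r:postgresql_t:s0         postgres
system_u:system_r:unconfined_service_t:s0 pkcsslotd
system_u:system_r:sshd_t:s0-s0:c0.c1023   sshd'

# selinux_types COMM: read "label comm" lines on stdin and print the unique
# SELinux types (third colon-separated label field) seen for that command.
selinux_types() {
    awk -v want="$1" '
        $2 == want {
            split($1, f, ":")
            if (f[3] != "" && !(f[3] in seen)) {
                seen[f[3]] = 1
                out = (out == "" ? f[3] : out "," f[3])
            }
        }
        END { print out }'
}

# review_service COMM: one-line verdict for a process name (assumed names).
review_service() {
    types=$(selinux_types "$1")
    case "$types" in
        "")           echo "$1: no labelled process found" ;;
        *unconfined*) echo "$1: $types (unconfined, review)" ;;
        *)            echo "$1: $types" ;;
    esac
}

# Demo on the constructed sample. On a live host, feed real data instead:
#   ps -eo label,comm | review_service postgres
for comm in postgres pkcsslotd; do
    printf '%s\n' "$SAMPLE_PS" | review_service "$comm"
done
```

A process reported as unconfined, or with more than one type, is the case to resolve before the mfa.service dependencies are enabled.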
About this task
You must install the IBM MFA server and GUI on one instance of a Red Hat Enterprise Linux for IBM Z and LinuxONE or SUSE Linux Enterprise Server on IBM Z operating system.
The IBM MFA server installs the mfa.service, which has dependencies on postgresql and pkcsslotd systemd services. systemd ensures that the dependent services are running before starting IBM MFA server.
As of version 2.2.0.7 of IBM MFA, the RPM installation behavior for the server has changed for new installations. (For upgrade installations no additional steps are required, as described in Updating IBM MFA server and GUI.) The installation phases relating to the IBM MFA database are no longer invoked directly from the server RPM installation script. Instead, the installation RPM copies the following shell scripts to the /opt/IBM/MFA/db directory:
- mfadb10-init.sh: This script allocates database directories and files, and starts the postgres server process.
- mfadb20-create.sh: This script creates a postgres user to own the MFA database, and creates an empty IBM MFA database, owned by that user, in the directory created by the mfadb10-init.sh script.
- mfadb30-populate.sh: This script creates IBM MFA table structures inside the database that was initialized and created during previous installation phases.
- mfadb-status.sh: This script uses the pg_ctl utility to check PostgreSQL status on the system, as it relates to the IBM MFA database.
- mfadb-bkup.sh: This script uses the pg_dumpall utility to create a backup of the IBM MFA database contents.

Procedure

