Starting the IBM MFA server

The IBM® MFA server supports authentication of users, validation of factors at runtime, and the IBM MFA GUI.

Before you begin

Before you start the IBM MFA server, ensure that the following requirements are satisfied:

  • Ensure that the pkcsslotd daemon is running:
    # ps -ef | grep pkcsslotd
    root      3441     1  0 Jan28 ?        00:00:01 pkcsslotd
  • If a firewall is running, make sure that it allows access to the SERVER AUTH PORT and MUTUAL AUTH PORT ports. One possible method to check the firewall status is with the systemctl status firewalld command:
    systemctl status firewalld
    firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: inactive (dead) since Fri 2019-12-13 12:43:29 EST; 47min ago

About this task

To start the IBM MFA server as a service, complete the following steps:


  1. Enter the following command as root:
    systemctl start mfa
  2. Verify that the service started:
    systemctl status mfa