EKCA

  1. Server
  2. Client

Server

Local test installation from PyPI

For a full server installation use the

PIP-based installation of server with LDAP password plugin:

python3 -m venv /opt/ekca
/opt/ekca/bin/pip3 install ekca-client ekca-plugin-ldap3
EKCA_CFG=/path/to/ekca-service.cfg FLASK_APP=ekca_service.srv flask run --host 0.0.0.0 --port 5000

Dedicated host installation with ansible

For a automated and hardened installation of all components on a dedicated system use ansible role ekca_service.

Supported OS:

Public repositories used:

Adjust ansible variable ekca_repo_url to point to your private package repository if needed.

Clone the ansible role and example inventory:

git clone https://gitlab.com/ekca/ansible-ekca-service
cp -av example myenv

Edit the following files to match your environment:

Run ansible playbook

ansible-playbook ekca-servers.yml -i example/hosts --diff

Client

PIP-based installation:

python3 -m venv /opt/ekca
/opt/ekca/bin/pip3 install ekca-client

You need a client configuration file like these example configuration files:

Invoke the client CLI tool optionally with user name as command-line argument:

/opt/ekca/bin/ekca-ssh-init user1

See also: