Yubico Forum

Installing YK-VAL on Centos 7
Page 1 of 1

Author:  theclown [ Fri Feb 27, 2015 2:49 pm ]
Post subject:  Installing YK-VAL on Centos 7


I am trying to install YK-Val on my Centos 7 following this guide:
https://developers.yubico.com/yubikey-v ... ation.html

Unforntunately when trying to execute make install (step 1), I get the following error:

install: invalid group ‘www-data’
make: *** [install] Error 1

Any help would be appreciated.
I am pretty inexperienced with linux so apologies in advance if the question is very basic.

Below I have copied the complete output:

install -D --mode 644 ykval-verify.php /usr/share/yubikey-val/ykval-verify.php
install -D --mode 644 ykval-common.php /usr/share/yubikey-val/ykval-common.php
install -D --mode 644 ykval-synclib.php /usr/share/yubikey-val/ykval-synclib.php
install -D --mode 644 ykval-sync.php /usr/share/yubikey-val/ykval-sync.php
install -D --mode 644 ykval-resync.php /usr/share/yubikey-val/ykval-resync.php
install -D --mode 644 ykval-db.php /usr/share/yubikey-val/ykval-db.php
install -D --mode 644 ykval-db-pdo.php /usr/share/yubikey-val/ykval-db-pdo.php
install -D --mode 644 ykval-db-oci.php /usr/share/yubikey-val/ykval-db-oci.php
install -D --mode 644 ykval-log.php /usr/share/yubikey-val/ykval-log.php
install -D ykval-queue /usr/sbin/ykval-queue
install -D ykval-synchronize /usr/sbin/ykval-synchronize
install -D ykval-export /usr/sbin/ykval-export
install -D ykval-import /usr/sbin/ykval-import
install -D ykval-gen-clients /usr/sbin/ykval-gen-clients
install -D ykval-export-clients /usr/sbin/ykval-export-clients
install -D ykval-import-clients /usr/sbin/ykval-import-clients
install -D ykval-checksum-clients /usr/sbin/ykval-checksum-clients
install -D ykval-checksum-deactivated /usr/sbin/ykval-checksum-deactivated
install -D ykval-nagios-queuelength.php /usr/sbin/ykval-nagios-queuelength
install -D ykval-queue.1 /usr/share/man/man1/ykval-queue.1
install -D ykval-synchronize.1 /usr/share/man/man1/ykval-synchronize.1
install -D ykval-import.1 /usr/share/man/man1/ykval-import.1
install -D ykval-export.1 /usr/share/man/man1/ykval-export.1
install -D ykval-gen-clients.1 /usr/share/man/man1/ykval-gen-clients.1
install -D ykval-import-clients.1 /usr/share/man/man1/ykval-import-clients.1
install -D ykval-export-clients.1 /usr/share/man/man1/ykval-export-clients.1
install -D ykval-checksum-clients.1 /usr/share/man/man1/ykval-checksum-clients.1
install -D ykval-checksum-deactivated.1 /usr/share/man/man1/ykval-checksum-deactivated.1
install -D ykval-munin-ksmlatency.php /usr/share/munin/plugins/ykval_ksmlatency
install -D ykval-munin-vallatency.php /usr/share/munin/plugins/ykval_vallatency
install -D ykval-munin-queuelength.php /usr/share/munin/plugins/ykval_queuelength
install -D ykval-munin-responses.pl /usr/share/munin/plugins/ykval_responses
install -D ykval-munin-ksmresponses.pl /usr/share/munin/plugins/ykval_ksmresponses
install -D ykval-munin-yubikeystats.php /usr/share/munin/plugins/ykval_yubikeystats
install -D --backup --mode 640 --group www-data ykval-config.php /etc/yubico/val/ykval-config.php
install: invalid group ‘www-data’
make: *** [install] Error 1


Author:  admoss1980 [ Tue Sep 29, 2015 8:53 pm ]
Post subject:  Re: Installing YK-VAL on Centos 7

Centos, if you
yum install httpd
will create the group as

So you need to edit the Makefile and change the wwwgroup setting from

I found the installation doc's somewhat lacking when it came to CentOS and RHEL, especially in an EAL4 configuration.


Author:  stefenTZ [ Tue Nov 03, 2015 9:20 pm ]
Post subject:  Re: Installing YK-VAL on Centos 7

Hello "the clown",

we are also struggling setting up Yubico Validation Server on Top of CentOS 7.
While the installation how is easy to follow (and to adapt for CentOS) the final test if everything works fails.
You may want to follow my detailed step-by-step howto here:

Howto: Setup Yubico KSM on top of CentOS 7 + Question

As the installation of the Validation Server and also the Key Storage Module Server is done with a fews steps, I don't understand why there are no detailed installation howtos for the main distros.
More important since CentOS is binary compatible to RHEL which is very common in enterprise environments.

As far as I can see you haven't received any answers (yet) - there doesn't seem to be much traffic on the forum sites.
Have you successfully setup the Yubico Validation Server on CentOS and have the final test been successfull?
I have also opened a case with Yubico Support to get Yubico Servers up and running on CentOS and will share my knowledge.

- Stefen

Author:  Yuriko [ Fri Nov 13, 2015 9:31 am ]
Post subject:  Re: Installing YK-VAL on Centos 7

I'm currently in the process of getting things up and running on CentOS 6.7. Making notes left and right, to make sure I can properly document it.

One of the interesting issues I'm running into now, is the registration of new clients which uses the ykval-verify user account on MySQL. Doesn't make sense though, because the basic setup only grants SELECT on the relevant tables. I'll need to figure out how to override the userID settings sourced from the ykval config.php file.

EDIT: I'm getting there :) Both YKVAL and YKKMS are working :) Onwards to configuring PAM to try and get the next step to work.

EDIT2: Succeeeesss! :D SSH allows me to use MFA-login requiring two inputs: Yubikey and password, the prior of which is validated against YKVAL and YKKMS :) I'll make a thorough write-up asap.

EDIT3: There we go! I've finished a full write-up of how I built a Yubikey Validation server on CentOS 6.7 (aka RHEL6). You may find it over here -> http://www.kilala.nl/Sysadmin/index.php?id=2340

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group