Teampass is a dedicated password manager for storing and accessing passwords securely in a MySQL database. It is designed especially for business and enterprise environments and gives team managers a powerful tool for customizing password access depending on users' roles. This article covers how to set up Teampass on Ubuntu 16.04 with Apache and MySQL.
Requirements:
Apache, MySQL, PHP 5.5.0 or higher
PHP extensions: mcrypt, openssl, ldap (if used), mbstring, bcmath, iconv, xml, gd, mysqlnd
1) Install Apache/MySQL
Apache2 is available as an Ubuntu package; install it using the following command. The document root of the default Apache vhost is /var/www/html and the main configuration file is /etc/apache2/apache2.conf.
root@demohost:~# sudo apt-get install apache2
Similarly, install mysql server with the following apt-get command. While installing mysql you will be asked for root password. Provide a strong password.
root@demohost:~# sudo apt-get install mysql-server
Optionally, you can run the secure MySQL installation script. You need to answer a few questions for the secure installation.
root@demohost:~# sudo mysql_secure_installation
2) Install PHP
Install PHP 7 and the Apache 2 PHP module as shown below.
root@demohost:~# sudo apt-get install php libapache2-mod-php
Now install all the PHP extensions required by Teampass.
root@demohost:~# sudo apt-get install php-mcrypt php-mysql php-opcache php-mbstring php-ldap php-bcmath php-gd php-xml php-common php-mysqlnd
Check the version of php
root@demohost:~# php -v
PHP 7.0.13-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.13-0ubuntu0.16.04.1, Copyright (c) 1999-2016, by Zend Technologies
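The check below is an added example, not part of the original tutorial: it reads "php -m" output and lists which extensions from the Requirements list are not loaded. The names REQUIRED_EXTS, missing_exts and SAMPLE_MODULES, and the sample module list itself, are constructed for this illustration.

```shell
#!/bin/sh
# Added example. REQUIRED_EXTS is copied from the Requirements list above;
# drop "ldap" if LDAP login is not used.
REQUIRED_EXTS="mcrypt openssl ldap mbstring bcmath iconv xml gd mysqlnd"

# missing_exts: read `php -m` output on stdin and print each required
# extension that is not loaded, one per line. Returns 1 if any is missing.
missing_exts() {
    # Normalise: lower-case, strip CR and trailing blanks, and drop the
    # "[PHP Modules]" / "[Zend Modules]" headers and empty lines.
    loaded=$(tr '[:upper:]' '[:lower:]' | tr -d '\r' |
             sed -e 's/[[:space:]]*$//' -e '/^\[/d' -e '/^$/d')
    rc=0
    for ext in $REQUIRED_EXTS; do
        if ! printf '%s\n' "$loaded" | grep -qxF "$ext"; then
            printf '%s\n' "$ext"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a host where the MySQL and LDAP packages were skipped.
SAMPLE_MODULES='[PHP Modules]
bcmath
Core
gd
iconv
mbstring
mcrypt
openssl
xml

[Zend Modules]
Zend OPcache'

# Demo on the constructed sample (reports ldap and mysqlnd as missing).
printf '%s\n' "$SAMPLE_MODULES" | missing_exts || echo "extensions listed above are missing"

# On a real host:  php -m | missing_exts
# `php -m` reports the CLI configuration; mod_php loads newly installed
# extensions only after Apache is restarted.
```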
3) Create MySQL database
Create a MySQL database and a user for team-pass.
root@demohost:~# mysql -u root -p
Enter password:
mysql> create database teampass;
Query OK, 1 row affected (0.00 sec)
mysql> grant all privileges on teampass.* to teampassuser@localhost identified by 'somepassword';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
4) Configure Apache for teampass
Download team-pass from github and unzip it in the website root folder /var/www/html.
root@demohost:~# cd /var/www/html
root@demohost:/var/www/html# wget -q https://github.com/nilsteampassnet/TeamPass/archive/master.zip
root@demohost:/var/www/html# unzip master.zip
Change the ownership of team-pass to www-data
root@demohost:/var/www/html# mv TeamPass-master teampass
root@demohost:/var/www/html# chown -R www-data:www-data teampass/
Change maximum execution time of PHP to 120
root@demohost:/var/www/html# vim /etc/php/7.0/apache2/php.ini
max_execution_time = 120
Restart Apache
root@demohost:/var/www/html# service apache2 restart
Create Team-pass keys directory inside /var/www/html/teampass and change permission and ownership.
root@demohost:/var/www/html# mkdir -p /var/www/html/teampass/keys
root@demohost:/var/www/html# chmod 755 /var/www/html/teampass/keys
root@demohost:/var/www/html# chown -R www-data:www-data /var/www/html/teampass/keys
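The script below is an added example, not part of the original tutorial: it audits the result of the chown and chmod commands in this step, reporting paths that are not owned by www-data or are world-writable, and checking that the keys directory is a real directory with the owner and mode set above. The function names audit_tree and keys_dir_ok and the variables TP_ROOT and TP_OWNER are hypothetical; GNU find is assumed.

```shell
#!/bin/sh
# Added example: audit the ownership and modes set in this step.

# audit_tree DIR OWNER
#   Print every non-symlink path under DIR that is not owned by OWNER or is
#   writable by "other". Returns 0 if clean, 1 on findings, 2 if find failed
#   (for example, OWNER does not exist on this host).
audit_tree() {
    findings=$(find "$1" ! -type l \( ! -user "$2" -o -perm -0002 \) -print) || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# keys_dir_ok DIR OWNER
#   True only if DIR is a real directory (not a symlink), owned by OWNER,
#   with mode exactly 755 as set by the chmod above.
keys_dir_ok() {
    [ -n "$(find "$1" -maxdepth 0 -type d -user "$2" -perm 755 2>/dev/null)" ]
}

# Path and owner are the ones used in this tutorial.
TP_ROOT=/var/www/html/teampass
TP_OWNER=www-data

if [ -d "$TP_ROOT" ]; then
    audit_tree "$TP_ROOT" "$TP_OWNER" ||
        echo "review owner/mode of the paths listed above"
    keys_dir_ok "$TP_ROOT/keys" "$TP_OWNER" ||
        echo "keys directory is missing, a symlink, or has an unexpected owner/mode"
fi
```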
5) Install Teampass
Open your favorite browser and type http://IP-ADDRESS/teampass or http://domain-name/teampass in the address bar. You will be welcomed by the installation suggestions.
Click "Next"
Click "Launch". If any error is found during the server check, correct it and then click "Restart". Once all requirement/server checks have passed successfully, click "Next".
Provide the MySQL database information that we created in step 3 and click "Launch". The installer will validate the database information. On successful validation you will get the message "Connection is successful".
Give a table prefix, generate encryption keys, and give the path of the Teampass keys directory that we created earlier. You also need to provide an admin password and then click the check-box "Send monthly anonymous statistics" (optional). Now click "Launch".
Click "Launch" to proceed to next step.
Once database information is stored click "Next"
Click "Next" for finalizing installation.
Click "Next"
The teampass installation is finished, click "Start"
Login to teampass using admin account with your chosen password.
The main page describes the components being used in Teampass and gives other information.
Now click "Settings" and adjust values according to your environment. Change maintenance mode to no and change timezone and date format.
Click the "Folders management" icon at the top and then click the "+" sign. Now create a folder according to your requirements and then click "Save". Similarly, create a few folders.
Now click the "Roles management" icon at the top and then click the "+" sign to create a few roles.
In roles management, for the folder "HR" click the "hand" icon, give read access and then click "Save".
View all the folders/sub-folders and their attributes by clicking the folders management icon from the top.
Click roles management from the top menu bar, choose the folder for which you want to define access rights and save.
Click the "+" icon in users management to add a user, enter the user's details and save.
To edit a user's account, click the arrow key.
To change a user's password, click the "Key" symbol in users management. Provide the new password and save.
Click the utilities tab (the last one), enable API access and create a new key. Now add the IP address allowed to access the API.
Set Google 2FA and DUO security 2FA to "Yes". Generate a random key and save.
In the e-mail tab, provide the SMTP server address and the rest of the information according to your environment.
You can change settings for database backup and restore as well as optional backup script.
In the LDAP section, choose the server type and other information if you intend to use LDAP.
We have covered almost all the aspects of Teampass, including installation. You can now explore the rest of the utilities.
Conclusions:
We have installed it and explored most of its functionality. Browse here to read the full documentation of Teampass. Hope you have enjoyed this tutorial and thanks for reading this article.
Thanks a lot!
I think there is a mistake here:
Change the ownership of team-pass to www-data
root@demohost:/var/www/html# mv TeamPass-master/ teampassuser
should be teampass instead of teampassuser
Aleksei is correct. The line should be:
mv TeamPass-master/ teampass
If you do it the wrong way anyway and need to correct this afterwards, do:
mv teampassuser teampass
(It would be great to update this nice tutorial!)
Thanks for the comments. It's updated.
Good document to follow, if not able to authenticate with mysql database check php extensions
You're missing PHP mysql extensions
apt install php-mysql
or
apt install php7.0-mysql