https://wiki.cam.ac.uk/wiki/raven/api.php?action=feedcontributions&user=mcv21&feedformat=atomRavenWiki - User contributions [en]2024-03-29T07:41:07ZUser contributionsMediaWiki 1.39.4https://wiki.cam.ac.uk/wiki/raven/index.php?title=Installing_the_Apache_authentication_module_under_MacOS_X&diff=2634Installing the Apache authentication module under MacOS X2015-03-12T12:13:47Z<p>mcv21: /* Installing mod_ucam_webauth */ Link to new 2.0.2 release</p>
<hr />
<div>==Ucam WebAuth==<br />
<br />
<br />
<br />
Ucam WebAuth v2.0 supports v3 of the protocol. This allows distinction between current users and all users. For more information please see this page https://wiki.cam.ac.uk/raven/Current_and_non-Current_users. It is recommended that mod_ucam_webauth v2.x is used for all new installs. <br />
<br />
==Installing & configuring Raven for 10.5 and later==<br />
<br />
For those users running 10.5+ on Intel hardware there is a prebuilt installer package to deploy the Raven module without the need for compilation etc. Users of previous versions of OS X should look at [[Legacy Raven info for 10.4 etc]]<br />
<br />
===Installing mod_ucam_webauth===<br />
<br />
#Download the installer package from [http://raven.cam.ac.uk/project/apache/files/MacOS/ModUcamWebauth-2.0.2.pkg.zip here] and install. This will deploy mod_ucam_webauth built for 32 & 64 bit Intel hardware into /usr/libexec/apache2/<br />
#Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in into /etc/apache2/webauth_keys/. The easiest way to do this is to simply execute the following commands in Terminal:<br />
<br />
<tt>sudo mkdir /etc/apache2/webauth_keys<br />
cd /etc/apache2/webauth_keys<br />
sudo curl -O https://raven.cam.ac.uk/project/keys/pubkey2</tt><br />
<br />
===Editing Apache Configuration===<br />
<br />
It is recommended that you do not edit the primary httpd.conf file but configure apache through VirtualHost files. They are found in the following locations:<br />
<br />
<tt>/etc/apache2/sites/</tt> - 10.7 Lion and earlier inc Server versions<br />
<br />
<tt>/Library/Server/Web/Config/apache2/sites/</tt> - 10.8 and later Server only<br />
<br />
It is highly recommended that you do not use Server Admin or Server to manage the web service post Raven configuration. These tools have a nasty habit of destroying configuration the GUI tools do not understand.<br />
<br />
For a basic configuration add the following to the apache config file:<br />
<br />
<tt>LoadModule ucam_webauth_module libexec/apache2/mod_ucam_webauth.so<br />
AAKeyDir "/etc/apache2/webauth_keys"<br />
AACookieKey "some random string"<br />
<Directory "/path/to/protected/web/directory"><br />
AuthType Ucam-WebAuth<br />
Require valid-user<br />
</Directory></tt><br />
<br />
====10.5, 10.6 & 10.7 specific edits====<br />
<br />
Add the following to the VirtualHosts file:<br />
<br />
<tt>LoadModule authz_user_module libexec/apache2/mod_authz_user.so</tt><br />
<br />
====10.8 or later specific edits====<br />
<br />
Add the following to the VirtualHosts file:<br />
<br />
<tt>LoadModule authz_user_module libexec/apache2/mod_authz_user.so<br />
<br />
LoadModule authz_groupfile_module libexec/apache2/mod_authz_groupfile.so</tt><br />
<br />
====Testing====<br />
<br />
Start/restart the web server and test. Check /var/log/apache2/error.log if you are having problems.<br />
<br />
This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README.Config for further customisation options.<br />
<br />
====Building from Source====<br />
<br />
Should you wish to build the module from source then do the following:<br />
#Download and install Xcode AND the command line tools (<tt>sudo xcode-select --install</tt> is easiest) or install gcc & support files from another source<br />
#Download mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/MacOS/ and expand the tar archive<br />
#cd into mod_ucam_webauth and type <tt>sudo apxs -c -i -lcrypto mod_ucam_webauth.c</tt>. This will build and install the Raven authentication module for the currently booted OS X system architecture. <br />
#Install the RSA keys and edit apache as described above.<br />
<br />
If Xcode 4 or later users get the error "<tt>env: /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.8.xctoolchain/usr/bin/cc: No such file or directory</tt>" then paste in the following command as one line:<br />
<br />
<tt>sudo ln -s /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.8.xctoolchain</tt><br />
<br />
Replace OSX10.8.xctoolchain with OSX10.9.xctoolchain in the command above for Mavericks.<br />
<br />
Apple forgot to include a symlink causing apxs to fail to find the compiler.<br />
<br />
[[Legacy Raven info for 10.4 etc]]</div>mcv21https://wiki.cam.ac.uk/wiki/raven/index.php?title=Raven-enabled_applications&diff=2627Raven-enabled applications2015-01-15T17:29:58Z<p>mcv21: Add links to ASP/C# code</p>
<hr />
<div>Details of applications that have or could be adapted to use Raven, via either the Ucam-Webauth protocol or Shibboleth. Note that this list is bound to be incomplete - before doing significant work on something not listed here (or perhaps even on something that is) it might be worth asking on the cs-raven-discuss@lists.cam.ac.uk mailing list and/or public Shibboleth support lists.<br />
<br />
Just because there is something listed under 'Ucam WebAuth' or 'Shibboleth' doesn't imply that support for these protocols exists or is known to be working! Details of support for 'competing' technologies are included since they often provide useful hints about how Raven support could be implemented.<br />
<br />
<table class="wikitable" cellpadding="5"><br />
<br />
<tr><br />
<th rowspan="2">Software</th><br />
<th colspan="2">Raven</th><br />
<th colspan="4">Related SSO technologies</th><br />
</tr><br />
<tr><br />
<th>Ucam WebAuth</th><br />
<th>Shibboleth</th><br />
<th>[http://openid.net/ OpenID]</th><br />
<th>[http://www.pubcookie.org/ Pubcookie]</th><br />
<th>[http://www.ja-sig.org/products/cas/ CAS]</th><br />
<th>[http://www.stanford.edu/services/webauth/ Stanford WebAuth]<br />
</tr><br />
<br />
<tr><br />
<th colspan="7" bgcolor="#FFFFBB">Web server plugins</th><br />
</tr><br />
<br />
<tr><br />
<td>[http://httpd.apache.org Apache]</td><br />
<td>[http://raven.cam.ac.uk/project/apache/]</td><br />
<td>[http://shibboleth.internet2.edu/latest.html]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.apachelounge.com/download/win64/ 64-bit Apache 2.2 for Windows]</td><br />
<td>[http://www.emma.cam.ac.uk/files/raven/mod_ucam_webauth-1.4.3.rar]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>Microsoft IIS</td><br />
<td>[http://raven.cam.ac.uk/project/iis/]</td><br />
<td>[http://shibboleth.internet2.edu/latest.html]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>Servlet containers</td><br />
<td>[[Servlet filter]], [[JAVA Servlet Library|Servlet library]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>Tomcat</td><br />
<td>[[Tomcat authenticator and JAAS implementation|Tomcat authenticator]], [[Tomcat Valve]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<br />
<tr><br />
<th colspan="7" bgcolor="#FFFFBB">Programming language APIs</th><br />
</tr><br />
<br />
<tr><br />
<td>ASP/VBScript</td><br />
<td>[https://git.csx.cam.ac.uk/x/ucs/raven/asp.git ASP Raven Authentication Module]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>C#</td><br />
<td><ul><li>[https://git.csx.cam.ac.uk/x/ucs/raven/csharp_waa.git C# Raven Authentication Module]</li><br />
<li>[https://git.csx.cam.ac.uk/x/ucs/raven/csharp_dummy_wls.git C# Dummy Raven Server (WLS)]</li></ul></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<br />
<tr><br />
<td>Java</td><br />
<td>[http://raven.cam.ac.uk/project/java-toolkit/], </td><br />
<td>[http://www.guanxi.uhi.ac.uk/index.php/Guard]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>node.js</td><br />
<td><br />
<ul><br />
<li>[https://github.com/ForbesLindesay/passport-raven passport-raven]</li><br />
<li>[https://github.com/alexkalderimis/raven-auth raven-auth]</li><br />
</ul><br />
</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>Perl</td><br />
<td>[[Ucam-WebAuth-AA Perl module|Ucam-WebAuth-AA]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>PHP</td><br />
<td>[[PHP library]]</td><br />
<td>[http://www.guanxi.uhi.ac.uk/index.php/Guard] [http://rnd.feide.no/simplesamlphp]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>Python</td><br />
<td>[[Python]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<br />
<tr><br />
<td>Ruby</td><br />
<td>[[Ruby Support]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<th colspan="7" bgcolor="#FFFFBB">Other software</th><br />
</tr><br />
<br />
<tr><br />
<td>[http://catalyst.perl.org/ Catalyst]</td><br />
<td>[[Catalyst]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<br />
<tr><br />
<td>[http://www.adobe.com/uk/products/coldfusion-family.html Coldfusion]</td><br />
<td>[[Coldfusion]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>CourseWork</td><br />
<td>[[CourseWork]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[https://www.djangoproject.com/ Django]</td><br />
<td>[https://git.csx.cam.ac.uk/x/ucs/raven/django-ucamwebauth.git django-ucamwebauth] (Documentation for the [[Django]] module)</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://drupal.org/ Drupal]</td><br />
<td>[[Drupal]]</td><br />
<td>[http://drupal.org/project/shib_auth]</td><br />
<td>Built-in</td><br />
<td>[http://drupal.org/project/pubcookie]</td><br />
<td>[http://drupal.org/project/cas]</td><br />
<td>[https://www.stanford.edu/dept/stucomp/] (Stanford login only)</td><br />
</tr><br />
<br />
<br />
<tr><br />
<td>[http://forge.mysql.com/wiki/Eventum/ Eventum]</td><br />
<td>[[Eventum]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.joomla.org/ Joomla]</td><br />
<td>[[Joomla]]</td><br />
<td>[http://www.9starresearch.com/products/shimla]</td><br />
<td>[http://blog.phil-taylor.com/2008/02/18/openid-and-joomla-151/]</td><br />
<td>[http://mailman1.u.washington.edu/pipermail/pubcookie-users/2006-August/001546.html], [https://lists.cam.ac.uk/mailman/htdig/cs-raven-discuss/2007/msg00031.html]<br />
</td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.gnu.org/software/mailman/ Mailman]</td><br />
<td>[[Mailman]]</td><br />
<td></td><br />
<td></td><br />
<td>[[Mailman]]</td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.mantisbt.org/ Mantis]</td><br />
<td>Minor tweaks, supports basic auth</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.mediawiki.org/wiki/MediaWiki MediaWiki]</td><br />
<td>[[Mediawiki]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://moinmoin.wikiwikiweb.de/ MoinMoin]</td><br />
<td>[[MoinMoin]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://mrbs.sourceforge.net/ MRBS]</td><br />
<td>[[MRBS - Meeting Room Booking System|MRBS]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.nagios.org/ Nagios]</td><br />
<td>[[Nagios]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://nocat.net/ NoCat]</td><br />
<td>[[NoCat]]</td><br />
<td></td><br />
<td></td><br />
<td>[[NoCat]]</td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>Oracle SSO</td><br />
<td>[[Oracle SSO]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td>[http://www.ja-sig.org/wiki/display/CAS/CASifying+Oracle+Portal]</td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>PeopleSoft's PeopleTools</td><br />
<td>[[PeopleSoft's PeopleTools|PeopleTools]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.phpbb.com/ PhpBB]</td><br />
<td>[[phpBB]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://phpwiki.sourceforge.net/phpwiki/ PHP Wiki]</td><br />
<td>[[PHP Wiki]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://plone.org/ Plone]</td><br />
<td>See Zope</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.bestpractical.com/rt/ RT]</td><br />
<td>[[RT]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.sakaiproject.org/ Sakai]</td><br />
<td>[[Sakai]]</td><br />
<td>[[Sakai]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.soks.org/ Soks wiki]</td><br />
<td>[[Soks wiki|Soks]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://symfony.com/ Symfony2]</td><br />
<td>[https://github.com/misd-service-development/raven-bundle RavenBundle]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://twiki.org/ Twiki]</td><br />
<td></td><br />
<td>[[Twiki]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://wordpress.org/ WordPress]</td><br />
<td>[[Wordpress Plugin|Daniel Hill's plugin (2008)]],<br />
[http://github.com/gfarrell/WPRavenAuth WPRavenAuth plugin by Gideon Farrell and Conor Burgess (2013)],<br />
[http://dev.webadmin.ufl.edu/~dwc/2005/03/02/authentication-plugins/ obsolete patches to enable authentication plugins]<br />
</td><br />
<td>[http://wordpress.org/extend/plugins/shibboleth/ Shibboleth plugin] and [[Shibboleth Wordpress plugin|local usage notes]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.zope.org/ Zope]</td><br />
<td></td><br />
<td>[https://mams.melcoe.mq.edu.au/zope/mams/pubs/Installation/shibbolized-zope], [http://tid.ithaka.org/software]<br />
</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<th colspan="7" bgcolor="#FFFFBB">Hardware applications</th><br />
</tr><br />
<br />
<tr><br />
<td>[http://www.bradfordnetworks.com/ Bradford Campus Manager]</td><br />
<td>[[Bradford Campus Manager]]</td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
<tr><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
<td></td><br />
</tr><br />
<br />
</table><br />
<br />
==Custom Raven applications==<br />
<br />
Applications written directly to use Raven:<br />
<br />
* [[Crow - Raven intermediary]]<br />
* [[CamCORS]]<br />
* [[Room Booking]]<br />
* [[WebNAG]], a Raven-based replacement for [[NoCat]]<br />
* [[Lapnet]], a locally written captive portal (wired only atm!)</div>mcv21https://wiki.cam.ac.uk/wiki/raven/index.php?title=PHP_library&diff=2606PHP library2014-03-27T12:50:36Z<p>mcv21: Add links to the git repo</p>
<hr />
<div>The UcamWebauth PHP class provides an application agent for making authentication requests to the UcamWebauth server that can be called from PHP.<br />
<br />
This could be useful if you wanted to embed authentication logic within a PHP web application. If all you want to do is Raven-protect some PHP-processed pages you'd probably be better using container-managed security such as that provided by the [[Ucam-WebAuth-AA Perl module | Raven Apache modules]].<br />
<br />
This module is really alpha-quality software and in need of further development. However it could be a useful starting point for anyone wanting to user Raven and PHP.<br />
<br />
Note that versions of this library prior to 0.51 contained a security vulnerability, in that they used the value of the 'Host' header of an HTTP response to validate 'Authentication response' messages. The Host header is under the control of a potential attacker and, by altering it, an attacker might be able to replay an existing Authentication Response message against a site that relies on the PHP library. This problem is resolved in version 0.51, at the expense of an incompatible change: a securely-obtained host name must be supplied before invoking the library functions. <br />
<br />
This problem also affected versions of this library identified as 0.6 and 0.61 that were distributed only as part of Raven authentication support for phpBB3 in early 2008, but updated phpBB/Raven kits (with V0.62, which provides the security fix) are available.<br />
<br />
[NB Version 0.51 is '''not''' suitable as a replacement for 0.6/0.61, as the phpBB modifications require newly-added functionality that doesn't exist in 0.51. Conversely, the changes in 0.6/0.61/0.62 broke the old interface (as provided by 0.51 and earlier), so they cannot be used with software that uses the old interface. It is hoped that at some point in the future, a unified version will support both the old and new functionality.]<br />
<br />
The code for this module is now available from the UCS git service, [https://git.csx.cam.ac.uk/x/ucs/raven/php.git here].<br />
<br />
* [https://git.csx.cam.ac.uk/x/ucs/raven/php.git/blob_plain/HEAD:/ucam_webauth_php.txt Documentation]<br />
* [https://git.csx.cam.ac.uk/x/ucs/raven/php.git/tree Distribution]<br />
<br />
This module is distributed under the terms of the GNU Lesser General Public License and is currently minimally maintained by [[person:jw35 | Jon Warbrick]] and [[person:jml4 | John Line]].</div>mcv21https://wiki.cam.ac.uk/wiki/raven/index.php?title=Installing_the_Apache_authentication_module_under_MacOS_X&diff=2581Installing the Apache authentication module under MacOS X2013-07-15T15:51:30Z<p>mcv21: link to the new mod_ucam_webauth .zip</p>
<hr />
<div>==Ucam WebAuth==<br />
<br />
<br />
<br />
Ucam WebAuth v2.0 supports v3 of the protocol. This allows distinction between current users and all users. For more information please see this page https://wiki.cam.ac.uk/raven/Current_and_non-Current_users. It is recommended that mod_ucam_webauth v2.x is used for all new installs. <br />
<br />
==Installing & configuring Raven for 10.5 and later==<br />
<br />
For those users running 10.5+ on Intel hardware there is a prebuilt installer package to deploy the Raven module without the need for compilation etc. Users of previous versions of OS X should look at [[Legacy Raven info for 10.4 etc]]<br />
<br />
===Installing mod_ucam_webauth===<br />
<br />
#Download the installer package from [http://raven.cam.ac.uk/project/apache/files/MacOS/ModUcamWebauth-2.0.0.pkg.zip here] and install. This will deploy mod_ucam_webauth built for 32 & 64 bit Intel hardware into /usr/libexec/apache2/<br />
#Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in into /etc/apache2/webauth_keys/. The easiest way to do this is to simply execute the following commands in Terminal:<br />
<br />
<tt>sudo mkdir /etc/apache2/webauth_keys<br />
cd /etc/apache2/webauth_keys<br />
sudo curl -O https://raven.cam.ac.uk/project/keys/pubkey2</tt><br />
<br />
===Editing Apache Configuration===<br />
<br />
It is recommended that you do not edit the primary httpd.conf file but configure apache through VirtualHost files. They are found in the following locations:<br />
<br />
<tt>/etc/apache2/sites/</tt> - 10.7 Lion and earlier inc Server versions<br />
<br />
<tt>/Library/Server/Web/Config/apache2/sites/</tt> - 10.8 Server only<br />
<br />
It is highly recommended that you do not use Server Admin or Server to manage the web service post Raven configuration. These tools have a nasty habit of destroying configuration the GUI tools do not understand.<br />
<br />
For a basic configuration add the following to the apache config file:<br />
<br />
<tt>LoadModule ucam_webauth_module libexec/apache2/mod_ucam_webauth.so<br />
AAKeyDir "/etc/apache2/webauth_keys"<br />
AACookieKey "some random string"<br />
<Directory "/path/to/protected/web/directory"><br />
AuthType Ucam-WebAuth<br />
Require valid-user<br />
</Directory></tt><br />
<br />
====10.5, 10.6 & 10.7 specific edits====<br />
<br />
Add the following to the VirtualHosts file:<br />
<br />
<tt>LoadModule authz_user_module libexec/apache2/mod_authz_user.so</tt><br />
<br />
====10.8 Specific edits====<br />
<br />
Add the following to the VirtualHosts file:<br />
<br />
<tt>LoadModule authz_user_module libexec/apache2/mod_authz_user.so<br />
<br />
LoadModule authz_groupfile_module libexec/apache2/mod_authz_groupfile.so</tt><br />
<br />
====Testing====<br />
<br />
Start/restart the web server and test. Check /var/log/apache2/error.log if you are having problems.<br />
<br />
This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README.Config for further customisation options.<br />
<br />
====Building from Source====<br />
<br />
Should you wish to build the module from source then do the following:<br />
#Download and install Xcode or install gcc & support files from another source<br />
#Download mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/MacOS/ and expand the tar archive<br />
#cd into mod_ucam_webauth and type <tt>sudo apxs -c -i -lcrypto mod_ucam_webauth.c</tt>. This will build and install the Raven authentication module for the currently booted OS X system architecture. <br />
#Install the RSA keys and edit apache as described above.<br />
<br />
If 10.8 users get the error "<tt>env: /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.8.xctoolchain/usr/bin/cc: No such file or directory</tt>" then paste in the following command as one line:<br />
<br />
<tt>sudo ln -s /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain /Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.8.xctoolchain</tt><br />
<br />
Apple forgot to include a symlink causing apxs to fail to find the compiler.<br />
<br />
[[Legacy Raven info for 10.4 etc]]</div>mcv21