Installing the Apache authentication module under MacOS X
Installing & configuring Raven for 10.5 and later
For those users running 10.5+ on Intel hardware there is a prebuilt installer package to deploy the Raven module without the need for compilation etc. Users of previous versions of OS X should look at Legacy Raven info for 10.4 etc
Installing mod_ucam_webauth
- Download the installer package from here and install. This will deploy mod_ucam_webauth built for 32 & 64 bit Intel hardware into /usr/libexec/apache2/
- Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in into /etc/apache2/webauth_keys/. The easiest way to do this is to simply execute the following commands in Terminal:
sudo mkdir /etc/apache2/webauth_keys cd /etc/apache2/webauth_keys sudo curl -O https://raven.cam.ac.uk/project/keys/pubkey2
Editing httpd.conf
Add the following to /etc/apache2/httpd.conf, after the last line beginning with "LoadModule":
LoadModule ucam_webauth_module libexec/apache2/mod_ucam_webauth.so AAKeyDir "/etc/apache2/webauth_keys" AACookieKey "some random string" <Directory "/path/to/protected/web/directory"> AuthType Ucam-WebAuth Require valid-user </Directory>
10.5 & 10.6 specific edits
Enable the authz_user_module module by removing the hash at the start of LoadModule line to prevent apache 500 errors.
10.7 specific edits
There are two references to authz_user_module in the default 10.7 httpd.conf. Enable the reference in the <IfDefine MACOSXSERVER> section by removing the hash. Again this prevents apache 500 errors.
Testing
Start/restart the web server and test. Check /var/log/apache2/error.log if you are having problems.
This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README.Config for further customisation options.
Building from Source
Should you wish to build the module from source then do the following:
- Download and install Xcode or install gcc & support files from another source
- Download mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/mod_ucam_webauth-1.4.2.tar and expand the tar archive
- cd into mod_ucam_webauth and type sudo apxs -c -i -lcrypto mod_ucam_webauth.c. This will build and install the Raven authentication module for the booted OS X system architecture.
- Now install the RSA keys and edit httpd.conf as described above.