Installing the Apache authentication module under MacOS X: Difference between revisions
(Created, based on dnb1002's original) |
(Assorted fixups) |
||
| Line 13: | Line 13: | ||
* Follow the instructions in the installer. | * Follow the instructions in the installer. | ||
2. Download a copy of mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/ (By default this will be downloaded into a folder | 2. Download a copy of mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/ (By default this will be downloaded into a folder called mod_ucam_webauth-1.06 on your desktop) | ||
* Start the Terminal application. | * Start the Terminal application. | ||
* Type the command "cd Desktop/mod_ucam_webauth-1.0.6". | * Type the command "cd Desktop/mod_ucam_webauth-1.0.6". | ||
| Line 44: | Line 44: | ||
chmod 755 /usr/libexec/httpd/mod_ucam_webauth.so | chmod 755 /usr/libexec/httpd/mod_ucam_webauth.so | ||
3. Download the RSA public keys | 3. Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in /usr/conf/webauth_keys/. | ||
(The names of the key files should not be changed - beware that they | The Apache module only needs the "PEM formated PKCS#1 RSA public key" which is stored in a file named pubkey''<n>'' (currently pubkey2). The names of the key files should not be changed - beware that they have no filename suffix but that some browsers may add .txt or similar when downloading them. | ||
have no filename suffix but that some browsers may add .txt or similar | |||
when downloading them. | |||
4. Add the following to /etc/httpd/httdp.conf | 4. Add the following to /etc/httpd/httdp.conf, after the line that reads "ClearModuleList": | ||
LoadModule ucam_webauth_module libexec/httpd/mod_ucam_webauth.so | LoadModule ucam_webauth_module libexec/httpd/mod_ucam_webauth.so | ||
AddModule mod_ucam_webauth.c | |||
AACookieKey "some random string" | |||
<Directory "path to protected directory"> | |||
AuthType Ucam-WebAuth | |||
Require valid-user | |||
</Directory> | |||
This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README.Config for further customization options. | |||
This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README for further customization options. | |||
Revision as of 09:08, 6 June 2006
1. Log in as administrator (aka admin) and install the Xcode tools if you haven't already got them installed on your system. This will give you all the stuff you need for writing code on your Mac.
You can pick the Xcode tools up from http://developer.apple.com/tools/download/ or install it from your distribution CD.
To install Xcode tools from the CD:
- Insert the CD labeled "Mac OS X Xcode Tools" and double-click on the XcodeTools.mpkg icon.
- Enter your administrator password.
- Follow the instructions in the installer.
To install the Xcode tools from the the package (ie. XcodeTools1.5_CD.dmg) that you downloaded from the developer.apple.com site:
- Double-click on the XcodeTools1.5_CD.dmg.
- Enter your administrator password.
- Follow the instructions in the installer.
2. Download a copy of mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/ (By default this will be downloaded into a folder called mod_ucam_webauth-1.06 on your desktop)
- Start the Terminal application.
- Type the command "cd Desktop/mod_ucam_webauth-1.0.6".
- To build ucam_webauth type the command "make".
You should see something along the following lines:
admin$ make /usr/sbin/apxs -c -lcrypto \ mod_ucam_webauth.c gcc -DDARWIN -DUSE_HSREGEX -DUSE_EXPAT -I../lib/expat-lite -g -Os -pipe -DHARD_SERVER_LIMIT=2048 -DEAPI -DSHARED_MODULE -I/usr/include/httpd -c mod_ucam_webauth.c cc -bundle -undefined suppress -flat_namespace -Wl,-bind_at_load -o mod_ucam_webauth.so mod_ucam_webauth.o -lcrypo
- Then copy the module into the /usr/libexec/httpd/ directory by typing "sudo make install"
You should see something along the following lines:
sudo make install Password: /usr/sbin/apxs -c -lcrypto \ mod_ucam_webauth.c gcc -DDARWIN -DUSE_HSREGEX -DUSE_EXPAT -I../lib/expat-lite -g -Os -pipe -DHARD_SERVER_LIMIT=2048 -DEAPI -DSHARED_MODULE -I/usr/include/httpd -c mod_ucam_webauth.c cc -bundle -undefined suppress -flat_namespace -Wl,-bind_at_load -o mod_ucam_webauth.so mod_ucam_webauth.o -lcrypto /usr/sbin/apxs -i mod_ucam_webauth.so cp mod_ucam_webauth.so /usr/libexec/httpd/mod_ucam_webauth.so chmod 755 /usr/libexec/httpd/mod_ucam_webauth.so
3. Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in /usr/conf/webauth_keys/.
The Apache module only needs the "PEM formated PKCS#1 RSA public key" which is stored in a file named pubkey<n> (currently pubkey2). The names of the key files should not be changed - beware that they have no filename suffix but that some browsers may add .txt or similar when downloading them.
4. Add the following to /etc/httpd/httdp.conf, after the line that reads "ClearModuleList":
LoadModule ucam_webauth_module libexec/httpd/mod_ucam_webauth.so AddModule mod_ucam_webauth.c AACookieKey "some random string" <Directory "path to protected directory"> AuthType Ucam-WebAuth Require valid-user </Directory>
This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README.Config for further customization options.
