Installing the Apache authentication module under MacOS X

From RavenWiki
Revision as of 10:56, 1 February 2012 by jwrn3 (talk | contribs)
Jump to navigationJump to search

Installing & configuring Raven for 10.5 and later

For those users running 10.5+ on Intel hardware there is a prebuilt installer package to deploy the Raven module without the need for compilation etc. Users of previous versions of OS X should look at Legacy Raven info for 10.4 etc

Installing mod_ucam_webauth

  • Download the installer package from here and install. This will deploy mod_ucam_webauth built for 32 & 64 bit Intel hardware into /usr/libexec/apache2/
  • Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in into /etc/apache2/webauth_keys/. The easiest way to do this is to simply execute the following commands in Terminal:
sudo mkdir /etc/apache2/webauth_keys
cd /etc/apache2/webauth_keys
sudo curl -O https://raven.cam.ac.uk/project/keys/pubkey2

Editing httpd.conf

  • Add the following to /etc/apache2/httpd.conf, after the last line beginning with "LoadModule":
LoadModule ucam_webauth_module libexec/apache2/mod_ucam_webauth.so
AAKeyDir "/etc/apache2/webauth_keys"
AACookieKey "some random string"
<Directory "/path/to/protected/web/directory">
  AuthType Ucam-WebAuth
  Require valid-user
</Directory>
  • 10.5 & 10.6 specific edits

Enable the authz_user_module module to prevent apache 500 errors.

  • 10.7 specific edits

There are two references to authz_user_module in the default 10.7 httpd.conf. Enable the reference in the <IfDefine MACOSXSERVER> section.

Start/restart the web server and test. Check /var/log/apache2/error.log if you are having problems.


Legacy Raven info for 10.4 etc