Installing the Apache authentication module under MacOS X

From RavenWiki
Revision as of 08:50, 3 February 2012 by jwrn3 (talk | contribs)
Jump to navigationJump to search

Installing & configuring Raven for 10.5 and later

For those users running 10.5+ on Intel hardware there is a prebuilt installer package to deploy the Raven module without the need for compilation etc. Users of previous versions of OS X should look at Legacy Raven info for 10.4 etc

Installing mod_ucam_webauth

  1. Download the installer package from here and install. This will deploy mod_ucam_webauth built for 32 & 64 bit Intel hardware into /usr/libexec/apache2/
  2. Download the necessary RSA public keys from https://raven.cam.ac.uk/project/keys/ and place them in into /etc/apache2/webauth_keys/. The easiest way to do this is to simply execute the following commands in Terminal:
sudo mkdir /etc/apache2/webauth_keys
cd /etc/apache2/webauth_keys
sudo curl -O https://raven.cam.ac.uk/project/keys/pubkey2

Editing httpd.conf

Add the following to /etc/apache2/httpd.conf, after the last line beginning with "LoadModule":

LoadModule ucam_webauth_module libexec/apache2/mod_ucam_webauth.so
AAKeyDir "/etc/apache2/webauth_keys"
AACookieKey "some random string"
<Directory "/path/to/protected/web/directory">
  AuthType Ucam-WebAuth
  Require valid-user
</Directory>

10.5 & 10.6 specific edits

Enable the authz_user_module module by removing the hash at the start of LoadModule line to prevent apache 500 errors.

10.7 specific edits

There are two references to authz_user_module in the default 10.7 httpd.conf. Enable the reference in the <IfDefine MACOSXSERVER> section by removing the hash. Again this prevents apache 500 errors.

Testing

Start/restart the web server and test. Check /var/log/apache2/error.log if you are having problems.

This is the minimum configuration required to restrict access to resources in a particular directory to users with a Ucam-WebAuth login. See https://raven.cam.ac.uk/project/apache/README.Config for further customisation options.

Building from Source

Should you wish to build the module from source then do the following:

  1. Download and install Xcode or install gcc & support files from another source
  2. Download mod_ucam_webauth from https://raven.cam.ac.uk/project/apache/files/mod_ucam_webauth-1.4.2.tar and expand the tar archive
  3. cd into mod_ucam_webauth and type sudo apxs -c -i -lcrypto mod_ucam_webauth.c. This will build and install the Raven authentication module for the booted OS X system architecture.
  4. Now install the RSA keys and edit httpd.conf as described above.

Legacy Raven info for 10.4 etc