httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cornelius Kölbel <>
Subject [users@httpd] xradius and otp
Date Thu, 20 Sep 2007 11:16:33 GMT
Dear list,

I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
I compiled and installed/configured it successfully. Thanks to an earlier questions.

But I'd like to use one time passwords.

The first time I access my website http://secret-site3 the authentication works fine.

But when i click on another link on this page, i time out and some times I get a second auth

My vhost config looks like this:

LoadModule auth_xradius_module /usr/lib/apache2/modules/
## If you do not want Authentication Caching, set:
#AuthXRadiusCache none -
AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
# 1h Timeout.
AuthXRadiusCacheTimeout 3600

<VirtualHost *>
        ServerName secret-site3
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/site3
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        <Directory /var/www/site3/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

                 AuthType Basic
                AuthBasicProvider xradius
                 AuthName "Please enter your username and WiKID one-time passcode for entry
to this site."
                 AuthXRadiusAddServer "localhost:1812" "testing123"

                 AuthXRadiusTimeout 7
                 AuthXRadiusRetries 2
                 #       AuthUserFile /etc/apache2/passwd
                 require valid-user

                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel debug
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

Is it right that the basic authentication sends the credentials again, when going to another
Then of course the OTP would not be valid anymore.

I think the module needs to remember, that the user was authenticated. I think mod_auth_radius
of freeradius used to use session cookies, but this module won't run with apache 2.2.
How could it be done using mod_auth_xradius?

Thanks a lot and kind regards

Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.
For all your IT requirements visit:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message