httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Neil A. Hillard" <neil.hill...@agustawestland.com>
Subject Re: [users@httpd] xradius and otp
Date Thu, 20 Sep 2007 11:34:50 GMT
Cornelius,

Cornelius K├Âlbel wrote:
> I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
> I compiled and installed/configured it successfully. Thanks to an earlier questions.
> 
> But I'd like to use one time passwords.
> 
> The first time I access my website http://secret-site3 the authentication works fine.
> 
> But when i click on another link on this page, i time out and some times I get a second
auth request.
> 
> My vhost config looks like this:
> 
> --snip--
> LoadModule auth_xradius_module /usr/lib/apache2/modules/mod_auth_xradius.so
> ## If you do not want Authentication Caching, set:
> #AuthXRadiusCache none -
> AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
> # 1h Timeout.
> AuthXRadiusCacheTimeout 3600

<snip>

> Is it right that the basic authentication sends the credentials again, when going to
another link?
> Then of course the OTP would not be valid anymore.
> 
> I think the module needs to remember, that the user was authenticated. I think mod_auth_radius
of freeradius used to use session cookies, but this module won't run with apache 2.2.
> How could it be done using mod_auth_xradius?

The purpose of the cache is to store the username / password pairs so
they can be validated without hitting the RADIUS server (which would
fail).  You appear to have configured the cache but it doesn't appear to
be working.

I can confirm that we are using it in this exact situation (in fact Paul
wrote it for us!) and we don't have any problems.

We actually use memcache:

AuthXRadiusCache memcache "127.0.0.1:11211"

but it may be something to do with your permissions on:

/usr/lib/apache2/auth_xradius_cache

Does the user Apache is running as have permission to access/create the
file?

HTH,


				Neil.

-- 
Neil Hillard                    neil.hillard@agustawestland.com
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message