You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "Neil A. Hillard" <hi...@whl.co.uk> on 2005/03/09 11:34:03 UTC

[users@httpd] RADIUS authentication with acceleration...

Hi,

	I'm currently using Apache 2.0.53 as an accelerator, performing 
rewriting (both URL and HTML) (thanks to Nick Kew !!!) which is working 
perfectly.

	I need to secure this with RADIUS authentication.  I've tried using 
mod_auth_radius but for some reason, mod_auth_radius doesn't appear to 
be setting the required cookie.

	The authentication request is accepted by the RADIUS server and the web 
page returned.  The browser then requests the images and stylesheets and 
I can see the basic authentication being sent but no cookie. 
mod_auth_radius then requeries the RADIUS and because it's a one-time 
password the request is denied :-(

	Is anyone else using mod_auth_radius on an accelerator with one-time 
passwords ???  I'd be interested to know if anyone has managed to get 
this to work !!!

	I believe the relevant details from httpd.conf are:

  AddRadiusAuth a.b.c.d:1645 xxxxxx 5:3
  AddRadiusCookieValid 60

  <Location />
   AuthType Basic
   AuthName "External Access"

   AuthAuthoritative Off
   AuthRadiusAuthoritative On
   AuthRadiusActive On

   require valid-user
  </Location>


At present we're fronting Apache with Squid and RADIUS authentication. 
This overcomplicates matters and introduces another problem.  I'd like 
to simplify things and reduce it to just Apache.

Does anyone know if (assuming I can get mod_auth_radius to work 
successfully) whether this can be combined with group access ???

If anyone can suggest an alternate auth module then I'll take a look at 
that, too.

Many thanks in advance,


				Neil.

-- 
Neil Hillard                    hillardn@whl.co.uk
Westland Helicopters Ltd.       http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
             views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org