forked from gplll/mod_authz_securepass
-
Notifications
You must be signed in to change notification settings - Fork 0
/
INSTALL
executable file
·87 lines (67 loc) · 3.23 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
There isn't yet a ready to use package available, but compiling this module is really simple.
Follow the steps below:
1)
Configure Apache to use cas. Follow the guide:
http://support.secure-pass.net/wiki/index.php/Apache
2)
Install apxs (APache eXtenSion tool) usually provided with the development package of Apache.
For Debian-like distro install apxs with:
apt-get install apache2-prefork-dev
# or
apt-get install apache2-threaded-dev
For RedHat distro install apxs with
yum install -y httpd-devel make gcc
3)
Download the source from git from the stable branch:
git clone https://github.com/garlsecurity/mod_authz_securepass.git -b master
cd mod_authz_securepass
4)
Compile the module and install it:
make install
5)
In your Apache configuration, place the following line to load this module:
LoadModule authz_securepass_module /path/to/mod_authz_securepass.so
6)
configure mod_authz_securepass using the following directives:
Valid Server/VirtualHost Directives
-----------------------------------
Directive: AuthzSecurepassDebug
Default: Off
Description: Set to On to enable debugging mode for troubleshooting.
Directive: AuthzSecurepassCheckGroup
Default: On
Description: Set to Off to disable checking of group associated to the user
Directive: AuthzSecurepassRESTfulAPI
Default: NULL
Description: URL of RESTful API where to check if a user belongs to a group
Directive: AuthzSecurepassAppID
Default: NULL
Description: Value of X-SecurePass-App-ID to be inserted into HTTP header to invoke Securepass RESTful API
Directive: AuthzSecurepassAppSecret
Default: NULL
Description: Value of X-SecurePass-App-Secret to be inserted into HTTP header to invoke Securepass RESTful API
Directive: AuthzSecurepassGroupCachePath
Default: NULL
Description: The file system directory where mappings betweeen users and Securepass groups are cached
Directive: AuthzSecurepassGroupTimeout
Default: 600 (10 minutes)
Description: The limit in seconds for the cached mappings between users and Securepass groups.
When a mapping has reached this age, the user is checked again against the Securepass RESTful API.
If set to 0, the mapping will not be cached
Directive: AuthzSecurepassCacheCleanInterval
Default: 1800 (30 minutes)
Description: The minimum amount of time that must pass inbetween cache
cleanings. When a new mapping is cached, the time of the last cache
clean is compared against this value. If AuthzSecurepassCacheCleanInterval seconds
have passed since the last cleaning, then all files in AuthzSecurepassGroupCachePath
are examined and if they have expired, they are removed. This is to prevent the
file system from becoming excessively cluttered.
Valid Directory/.htaccess Directives
-----------------------------------
Directive: AuthzSecurepass
Default: Off
Description: Set to On to enable SecurePass module
Directive: AuthzSecurepassAuthoritative
Default: On
Description: Set to Off to allow access control to be passed along to lower
modules if this module can't confirm access rights