Page tree
Skip to end of metadata
Go to start of metadata

The Apache HTTP server is the Apache Software Foundation's web server. See the project's website for more details.

Contents

All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).

1. System Preparation

1.1. Add the Moonshot libraries and configure the server

If you have not already done so, you first need to follow the instructions on how to Install Moonshot Libraries on an Alpine Linux Server

2. Installation Instructions

  1. To use the Apache module, install it:

    apk add apache2 mod-auth-gssapi
  2. Ensure that the certificates referenced in /etc/radsec.conf can be read by the Apache user:

    su -s /bin/sh apache
    cat path_to_ca.pem
    cat path_to_client.pem
    cat path_to_client.key
  3. Restart Apache:

    rc-service apache2 start

3. Configuration Instructions

Shibboleth2 Apache module incompatibility

Please read Section in Apache HTTPD on module incompatibilities.

3.1. Protecting a location with Moonshot

To protect a particular location on your Apache server, you must configure it with an AuthType of GSSAPI.

Here's a sample configuration that can get you started to allow anyone with a valid Moonshot account to access /wherever:

<Location "/wherever">
    AuthType GSSAPI
    AddHandler cgi-script .cgi
    Options +ExecCGI
    Require valid-user
    GssapiNameAttributes json
    GssapiConnectionBound On
    GssapiAcceptorName HTTP@hostname
</Location>

Configuration Directives

For more information on the configuration directives supported by the GSSAPI module, see its homepage at https://github.com/modauthgssapi/mod_auth_gssapi.

  • No labels