The Apache HTTP server is the Apache Software Foundation's web server. See the project's website for more details.
Contents
1. Overview
Apache HTTPD is generally compatible with Moonshot through the use of an Apache GSS-API module. At the moment, packaging is not available for the module meaning you have to build it yourself.
2. Compatibility
2.1. Key
In the tables below, the following icons have the following meanings:
- This version of the software has been tested and verified as supporting Moonshot.
- This version of the software has been tested and verified as not supporting Moonshot.
- This version of the software has not yet been tested thoroughly and its status is not known. Let us know if you have tried it and whether it worked or not!
2.2. Compatibility List
Note that accessing supported versions of this software requires a Moonshot compatible client - see the next section for details on which clients are supported.
Any versions not listed below have not yet been tested. If you do so, please let us know!
Version | Compatible? | Notes |
---|---|---|
Apache 2.4 | ||
Apache 2.2 | Using the Moonshot mod_auth_gssapi module | |
Apache 2.0 | ||
Apache 1.3 |
3. Installation & Configuration
How you set up a Moonshot-enabled version of the Apache HTTP server will differ depending on your OS. See the relevant pages for your particular distribution:
4. Client Compatibility
The following clients are known to work with this server software using Moonshot authentication (click on the link to see further information about enabling Moonshot in that client):
- Microsoft Internet Explorer
- Mozilla Firefox on Linux
- Debian's Iceweasel
5. Next Steps
Once you have installed the software, what happens next?
5.1. Account Mapping
To Come
5.2. Testing
The simplest way to test the Apache Moonshot integration is to create a simple script, protected by Moonshot. To do this, do the following:
Create a simple script to protect by creating a directory for cgi scripts.
$ mkdir /var/www/moonshot
Create a script in that directory called "hello.cgi" with the following content:
#!/bin/sh # disable filename globbing set -f echo Content-type: text/plain echo echo "Hello $REMOTE_USER, you have successfully authenticated." echo "If an identifier is not displayed after Hello, but you can see this page, then your IdP is not releasing the AAA User-Name attribute to this service and you are anonymous." echo echo "Some information about your server:" echo SERVER_SOFTWARE = $SERVER_SOFTWARE echo SERVER_NAME = $SERVER_NAME echo GATEWAY_INTERFACE = $GATEWAY_INTERFACE echo SERVER_PROTOCOL = $SERVER_PROTOCOL echo SERVER_PORT = $SERVER_PORT echo REQUEST_METHOD = $REQUEST_METHOD echo HTTP_ACCEPT = "$HTTP_ACCEPT" echo PATH_INFO = "$PATH_INFO" echo PATH_TRANSLATED = "$PATH_TRANSLATED" echo SCRIPT_NAME = "$SCRIPT_NAME" echo QUERY_STRING = "$QUERY_STRING" echo REMOTE_HOST = $REMOTE_HOST echo REMOTE_ADDR = $REMOTE_ADDR echo REMOTE_USER = $REMOTE_USER echo AUTH_TYPE = $AUTH_TYPE echo CONTENT_TYPE = $CONTENT_TYPE echo CONTENT_LENGTH = $CONTENT_LENGTH
Set the permissions appropriately:
$ chown -R www-data /var/www/moonshot && chmod 755 /var/www/moonshot/hello.cgi
Configure Apache to protect this location, by creating a file at
/etc/apache2/conf.d/moonshot.conf
with the following content:<Directory "/var/www/moonshot/"> AuthType Negotiate Require valid-user AddHandler cgi-script .cgi Options +ExecCGI </Directory>
Restart Apache2
$ service apache2 restart
- Test by browsing to http://$yourservername/moonshot/hello.cgi with a compatible browser.