Page tree
Skip to end of metadata
Go to start of metadata

The Apache HTTP server is the Apache Software Foundation's web server. See the project's website for more details.

Contents

All of the instructions below assume that you have root access, and will work as the root user (either directly or using sudo).

1. System Preparation

1.1. Add the Moonshot libraries and configure the server

If you have not already done so, you first need to follow the instructions on how to Install Moonshot Libraries on a Debian/Ubuntu/Raspbian Server

2. Installation Instructions

  1. To use the Apache module, install it:

    apt-get install libapache2-mod-auth-gssapi
  2. VERIFY! To install the Apache module, issue the following command (or create the appropriate symlinks manually):

    a2enmod auth_gssapi
  3. Ensure that the certificates referenced in /etc/radsec.conf can be read by the Apache user:

    su - --shell=/bin/bash www-data
    cat path_to_ca.pem
    cat path_to_client.pem
    cat path_to_client.key
  4. Verify that the KeepAlive option is enabled in the Apache configuration file /etc/apache2/apache2.conf:

    KeepAlive On
  5. Restart Apache:

    service apache2 restart

3. Configuration Instructions

Shibboleth2 Apache module incompatibility

Please read Section in Apache HTTPD on module incompatibilities.

3.1. Protecting a location with Moonshot

To protect a particular location on your Apache server, you must configure it with an AuthType of GSSAPI.

Here's a sample configuration that can get you started to allow anyone with a valid Moonshot account to access /wherever:

<Location "/wherever">
    AuthType GSSAPI
    AddHandler cgi-script .cgi
    Options +ExecCGI
    Require valid-user
    GssapiNameAttributes json
    GssapiConnectionBound On
    GssapiAcceptorName HTTP@hostname
</Location>

Configuration Directives

For more information on the configuration directives supported by the GSSAPI module, see its homepage at https://github.com/modauthgssapi/mod_auth_gssapi.

  • No labels