5.2. Apache part

After some googling again I found that there is an apache module, that makes it authenticate against almost everything. Modules name is mod_auth_external and project is located at http://www.unixpapa.com/mod_auth_external.html

Special interest for me was that “The external authentication program can be a shell script or perl program” (or as I strongly suspected - java program as in my case).
I’ve got the version that was suitable for our apache and unpacked it:

wget http://www.unixpapa.com/software/mod_auth_external-2.2.11.tar.gz
tar –xvzf mod_auth_external-2.2.11.tar.gz

README and INSTALL files from that package revealed pretty much all I needed to set it up.
Suse didn’t have apxs that was needed to compile and install the module – so I installed apxs2 which is in apache2-devel package from iso that has been mounted under /mnt/iso4.

rpm -ivh /mnt/iso4/suse/x86_64/apache2-devel-2.0.49-27.8.x86_64.rpm

Further following instructions in INSTALL file of mod_auth_external I compiled and installed mod_auth_external:

apxs2 -c mod_auth_external.c
apxs2 -i -a mod_auth_external.la

apxs should do some configuration but it was already warning in INSTALL file that it does not work in some cases.
So I manually added the line to /etc/apache2/sysconfig.d/loadmodule.conf line:

LoadModule auth_external_module /usr/lib64/apache2-prefork/mod_auth_external.so
 

And linked the mod_auth_external.so from /usr/lib64/apache2/mod_auth_external.so to /usr/lib64/apache2-prefork/mod_auth_external.so where our apache takes all its modules from.

Last thing that had to be done to configure apache – set directives in httpd.conf and <directory> as it was described in INSTALL.

But before that – I realized that there are incompatibilities in my testConnection.java. mod_auth_external can pass parameters to scripts as ENV variables, via pipe, checkpassword or hardcodedfunction (sybase, radius). I had to pass password and username to testConnection as command line arguments in first version - so easiest seemed to rewrite it to take username and password from stdin (pipe).

Another change I made was because The sample perl scripts if authentication was unsuccessful terminated with

exit 0

and if successful with

exit 1

I made analog changes in my java program.

This page is licensed under a Creative Commons License.