How to make apache2 authenticate against MS SQL 2000 Server - Page 3
On this page
5.2. Apache part
After some googling again I found that there is an apache module, that makes it authenticate against almost everything. Modules name is mod_auth_external and project is located at http://www.unixpapa.com/mod_auth_external.html
Special interest for me was that “The external authentication program can be a shell script or perl program” (or as I strongly suspected - java program as in my case).
I’ve got the version that was suitable for our apache and unpacked it:
wget http://www.unixpapa.com/software/mod_auth_external-2.2.11.tar.gz
tar –xvzf mod_auth_external-2.2.11.tar.gz
README and INSTALL files from that package revealed pretty much all I needed to set it up.
Suse didn’t have apxs that was needed to compile and install the module – so I installed apxs2 which is in apache2-devel package from iso that has been mounted under /mnt/iso4.
rpm -ivh /mnt/iso4/suse/x86_64/apache2-devel-2.0.49-27.8.x86_64.rpm
Further following instructions in INSTALL file of mod_auth_external I compiled and installed mod_auth_external:
apxs2 -c mod_auth_external.c
apxs2 -i -a mod_auth_external.la
apxs should do some configuration but it was already warning in INSTALL file that it does not work in some cases.
So I manually added the line to /etc/apache2/sysconfig.d/loadmodule.conf line:
LoadModule auth_external_module /usr/lib64/apache2-prefork/mod_auth_external.so
And linked the mod_auth_external.so from /usr/lib64/apache2/mod_auth_external.so to /usr/lib64/apache2-prefork/mod_auth_external.so where our apache takes all its modules from.
Last thing that had to be done to configure apache – set directives in httpd.conf and <directory> as it was described in INSTALL.
But before that – I realized that there are incompatibilities in my testConnection.java. mod_auth_external can pass parameters to scripts as ENV variables, via pipe, checkpassword or hardcodedfunction (sybase, radius). I had to pass password and username to testConnection as command line arguments in first version - so easiest seemed to rewrite it to take username and password from stdin (pipe).
Another change I made was because The sample perl scripts if authentication was unsuccessful terminated with
exit 0
and if successful with
exit 1
I made analog changes in my java program.