OutOfOrder.cc :: mod_auth_xradius Documentation

mod_auth_xradius Documentation

Home » Projects » Apache » Mod_auth_xradius » Docs » mod_auth_xradius Documentation

Documentation

Compilation

mod_auth_xradius uses the "configure/make/make install" mechanism common to many Open Source programs. Most of the dirty work is handled by either configure or Apache's apxs utility. If you have built Apache modules before, there shouldn't be any surprises for you.

The interesting options you can pass to configure are:

--with-apxs=/path/to/apache/dir/bin/apxs
This option is used to specify the location of the apxs utility that was installed as part of apache. Specify the location of the binary, not the directory it is located in.
--with-apr-memcache=PREFIX
Prefix to where apr_memcache is installed.
--help
Provides a list of available configure options.

./configure --with-apxs=/usr/local/httpd/bin/apxs --with-apr-memcache=/usr/local/apr
make
make install

Configuring with Apache

mod_auth_xradius has the following directives:

AuthXRadiusAddServer
AuthXRadiusCache
AuthXRadiusCacheTimeout
AuthXRadiusRejectBlank
AuthXRadiusRetries
AuthXRadiusTimeout

Example Configuration:

    ## This Loads mod_auth_xradius into Apache
    LoadModule auth_xradius_module modules/mod_auth_xradius.so
    
    ## The Cache for mod_auth_xradius must be configured globally.
    ## If you do not want Authentication Caching, set:
    # AuthXRadiusCache none -

    ## A Local DBM Based Cache (low performance)
    # AuthXRadiusCache dbm "conf/auth_xradius_cache"

    ## Only a Single memcached Server
    # AuthXRadiusCache memcache "127.0.0.1"
    ## Multiple memcached Servers
    AuthXRadiusCache memcache "127.0.0.1 10.0.0.10 10.0.0.11 10.0.0.11:11212"

    ## Time in Seconds that an entry will be cached.
    AuthXRadiusCacheTimeout 300
        
    <Directory "/path/to/my/docroot">
        ## All of the directives inside the <Directory> block can be placed
        ## inside '.htaccess' files.
            
        ## This is what the client sees in their Prompt.
        AuthName "Private Area"
            
        ## Type of authentication to use.  
        AuthType basic
            
        ## Address and the Shared Secret of the RADIUS Server to contact.
        AuthXRadiusAddServer "localhost:1812" "super-secret"
        ## Multiple Servers can be added in the same context.
        # AuthXRadiusAddServer "10.0.0.10:1812" "2secrets"
        # AuthXRadiusAddServer "10.0.0.11:1812" "secret1"
            
        ## Time in Seconds to wait for replies from the RADIUS Servers
        AuthXRadiusTimeout 2
            
        ## Number of times to resend a request to a server if no reply is received. 
        AuthXRadiusRetries 2
            
        ## This tells apache that we want a valid user and password.
        require valid-user
    <Directory>

AuthXRadiusAddServer

Description:	Add a RADIUS server.
Syntax:	`AuthXRadiusAddServer server_address shared_secret`
Default:	`none`
Context:	directory, .htaccess.

This directive appends to a list of RADIUS servers to use for Authentication. The server address is of the form hostname[:port]. If no port is supplied, the default of 1812 is used.

<Directory /www/site/example.com>
AuthXRadiusAddServer "10.0.0.10:1783" "secret"
# Other Authentication Commands
</Directory>

AuthXRadiusCache

Description:	Configure Authentication Caching
Syntax:	`AuthXRadiusCache [dbm\|memcache\|none] [path\|server list\|-]`
Default:	`none -`
Context:	server config

This directive configures the Authentication Cache for mod_auth_xradius. Both positive and negative results from the RADIUS servers are stored in the cache.

dbm: Uses an APR DBM to cache authentication results. The argument is a relative or absolute path to be used as the DBM Cache file.
memcache: Uses a memcached server to cache both positive and negative authentication results. The argument is a space separated list of servers. If no port number is supplied, the default of 11211 is used.
None: Turns off all caching of authentication results.

Example Usage:

AuthXRadiusCache memcache "10.0.0.1 10.0.0.2 10.0.0.3"

AuthXRadiusCacheTimeout

Description:	Configure Authentication Caching
Syntax:	`AuthXRadiusCache seconds`
Default:	`600`
Context:	server config

Sets the Cache Timeout.

Example Usage:

## Set the Timeout for 1 hour (3600 Seconds)
AuthXRadiusCacheTimeout 3600

AuthXRadiusRejectBlank

Description:	If enabled, Blank passwords will be rejected without querying the RADIUS Servers.
Syntax:	`AuthXRadiusRejectBlank [on\|off]`
Default:	`off`
Context:	directory, .htaccess.

If enabled, any user submitting a blank password will be rejected, without checking with a RADIUS Server or the Authentication Caches.

AuthXRadiusTimeout

Description:	Set how long to wait for a reply from a RADIUS server.
Syntax:	`AuthXRadiusTimeout seconds`
Default:	`2`
Context:	directory, .htaccess.

This determines how long mod_auth_xradius will wait for a reply before giving up on a RADIUS Server.

<Directory /www/site/example.com>
AuthXRadiusTimeout 5
# Other Authentication Commands
</Directory>

AuthXRadiusRetries

Description:	Set the number of retries per-request.
Syntax:	`AuthXRadiusRetries number`
Default:	`2`
Context:	directory, .htaccess.

This directive sets the number of attempts to send a RADIUS request before giving up.

<Directory /www/site/example.com>
AuthXRadiusRetries 5
# Other Authentication Commands
</Directory>

AuthXRadiusTimeout

Description:	Set how long to wait for a reply from a RADIUS server.
Syntax:	`AuthXRadiusTimeout seconds`
Default:	`2`
Context:	directory, .htaccess.

This determines how long mod_auth_xradius will wait for a reply before giving up on a RADIUS Server.

<Directory /www/site/example.com>
AuthXRadiusTimeout 5
# Other Authentication Commands
</Directory>