Re: [users@httpd] xradius and otp

Thu, 20 Sep 2007 04:35:27 -0700 

Cornelius,

Cornelius Kölbel wrote:
> I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
> I compiled and installed/configured it successfully. Thanks to an earlier 
> questions.
> 
> But I'd like to use one time passwords.
> 
> The first time I access my website http://secret-site3 the authentication 
> works fine.
> 
> But when i click on another link on this page, i time out and some times I 
> get a second auth request.
> 
> My vhost config looks like this:
> 
> --snip--
> LoadModule auth_xradius_module /usr/lib/apache2/modules/mod_auth_xradius.so
> ## If you do not want Authentication Caching, set:
> #AuthXRadiusCache none -
> AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
> # 1h Timeout.
> AuthXRadiusCacheTimeout 3600

<snip>

> Is it right that the basic authentication sends the credentials again, when 
> going to another link?
> Then of course the OTP would not be valid anymore.
> 
> I think the module needs to remember, that the user was authenticated. I 
> think mod_auth_radius of freeradius used to use session cookies, but this 
> module won't run with apache 2.2.
> How could it be done using mod_auth_xradius?

The purpose of the cache is to store the username / password pairs so
they can be validated without hitting the RADIUS server (which would
fail).  You appear to have configured the cache but it doesn't appear to
be working.

I can confirm that we are using it in this exact situation (in fact Paul
wrote it for us!) and we don't have any problems.

We actually use memcache:

AuthXRadiusCache memcache "127.0.0.1:11211"

but it may be something to do with your permissions on:

/usr/lib/apache2/auth_xradius_cache

Does the user Apache is running as have permission to access/create the
file?

HTH,


                                Neil.

-- 
Neil Hillard                    [EMAIL PROTECTED]
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to