Re: xradius and otp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Cornelius,

Cornelius Kölbel wrote:
> I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
> I compiled and installed/configured it successfully. Thanks to an earlier questions.
> 
> But I'd like to use one time passwords.
> 
> The first time I access my website http://secret-site3 the authentication works fine.
> 
> But when i click on another link on this page, i time out and some times I get a second auth request.
> 
> My vhost config looks like this:
> 
> --snip--
> LoadModule auth_xradius_module /usr/lib/apache2/modules/mod_auth_xradius.so
> ## If you do not want Authentication Caching, set:
> #AuthXRadiusCache none -
> AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
> # 1h Timeout.
> AuthXRadiusCacheTimeout 3600

<snip>

> Is it right that the basic authentication sends the credentials again, when going to another link?
> Then of course the OTP would not be valid anymore.
> 
> I think the module needs to remember, that the user was authenticated. I think mod_auth_radius of freeradius used to use session cookies, but this module won't run with apache 2.2.
> How could it be done using mod_auth_xradius?

The purpose of the cache is to store the username / password pairs so
they can be validated without hitting the RADIUS server (which would
fail).  You appear to have configured the cache but it doesn't appear to
be working.

I can confirm that we are using it in this exact situation (in fact Paul
wrote it for us!) and we don't have any problems.

We actually use memcache:

AuthXRadiusCache memcache "127.0.0.1:11211"

but it may be something to do with your permissions on:

/usr/lib/apache2/auth_xradius_cache

Does the user Apache is running as have permission to access/create the
file?

HTH,


				Neil.

-- 
Neil Hillard                    neil.hillard@xxxxxxxxxxxxxxxxxx
AgustaWestland                  http://www.whl.co.uk/

Disclaimer: This message does not necessarily reflect the
            views of Westland Helicopters Ltd.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux