Howto use OTP with Apache
- date: 25.04.2006
author: CorneliusKoelbel
<cornelius.koelbel AT lsexperts DOT de>
The information on the page is taken from http://www.freeradius.org/mod_auth_radius/
To integrate mod_auth_radius into an existing apache installation, you should use the apxs tool coming with apache:
apxs -i -a -c mod_auth_radius.c
You can then add radius authentication for specific directories.
<Directory /somewhere> AuthRadiusServer <default-server>[:port] <secret> [<seconds>] AuthRadiusServer <backup-server>[:port] <secret> [<seconds>] AuthRadiusAuthoritative on AuthType Basic AuthName "Radius for Somewhere" </Directory>
You may use multiple Radius Servers for Backup and Failover reasons by just multiple
AddRadiusAuth <server>[:port] <secret> [<seconds>]
lines within your configuration file(s).
On my Fedora Core 2 only the original version 1.3.3 worked. The newer one 1.4.2 produced compilation errors. I have not tested the version 1.5.7, yet.
mod_auth_radius.c-version-1.3.3 which worked for me
The latest version 1.5.7 seems to have changed its configuration style. Please take a look at a sample configuration here: http://www.freeradius.org/mod_auth_radius/httpd.conf
Radius and Apache 2.2
Apache 2.2 uses another authentication mechanism of authentication provider. An auth module should have a function returning its authentication provider name.
It would then be used like
AuthType Basic AuthBasicProvider myProvider require valid-user
Unfortunately the freeradius module does not do this. So it can not be used with Apache 2.2.
Take a look at mod_auth_xradius, which is a bit tricky to set up. A HOWTO regarding this will follow.
source: http://www.freeradius.org/, http://www.outoforder.cc/projects/apache/mod_auth_xradius/