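# NOTE: THIS CONFIGURATION IS FOR APACHE 2 ONLY.
#
# Modify this to your liking and include it in httpd.conf.
#
# This file holds authentication secrets (the RADIUS shared secrets and the
# SiteControl password key below).  Keep it readable only by root and the
# user that starts httpd.
# -----------------------------------------------------------------------------

PerlModule ModPerl::Util
PerlModule Apache2::Request
PerlModule Apache2::RequestRec
PerlModule Apache2::RequestIO
PerlModule Apache2::RequestUtil
PerlModule Apache2::ServerUtil
PerlModule Apache2::Connection
PerlModule Apache2::Log
PerlModule Apache::Session
PerlModule APR::Table
PerlModule ModPerl::Registry
PerlModule "Apache2::Const => ':common'"
PerlModule "APR::Const => ':common'"

PerlModule Apache2::SiteControl
PerlModule HTML::Mason::ApacheHandler

# This line loads mod_apreq2.  Without it libapreq2 can fail with an
# 'undefined symbol' error.  Comment it out if the module is already loaded
# elsewhere, and adjust the path to match your system.
LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so

# Add Netdot's libraries to @INC
PerlSwitches -I<<Make:PREFIX>>/lib

<Perl>
# Set up the Mason handler and global variables and import modules.
use Netdot::Mason;

# Override SiteControl's login method
use Netdot::SiteControlLoginWrapper;
</Perl>

# Force UTF8
PerlSetVar MasonPreamble "use utf8;"
AddDefaultCharset utf-8

# If you would like to put netdot somewhere other than ``/netdot''
# just change this alias, the location of the login target
# (i.e. /netdot/NetdotLogin), and the variable NetdotPath below.
Alias /netdot "<<Make:PREFIX>>/htdocs/"

# Set the path that will be protected.
#
# *NOTE* This variable is used to determine absolute paths where
# needed in the netdot pages.  The "Netdot" prefix corresponds to the
# AuthName Netdot below.  If you want to change the AuthName you will
# still need this variable, as the Mason code assumes you didn't change
# the AuthName.
PerlSetVar NetdotPath "/netdot/"

# Indicate the path to the login page.  Be careful, HTML::Mason can
# interfere with proper handling...make sure you know your dependencies.
# See samples and Apache::AuthCookie for more information.
PerlSetVar NetdotLoginScript /netdot/login.html

# See Apache::AuthCookie for descriptions of these.
#
# A general note about these Netdot variables: Some are accessed when
# a user requests a page and others are accessed when a user attempts
# to login.  In our setup the login target (NetdotLogin) is in the
# same apache scope as the netdot pages (/netdot) and these variables
# are specified at the global scope so there isn't an issue, but if
# you decide to move them inside a Directory, Files, or Location block
# and move the login target be sure that you put the right variables
# in the right places (hint: you will probably have to read the
# AuthCookie code as it is not clear from the docs, if you don't want
# any duplicates).  The same probably goes for the SiteControl and
# other non prefixed variables, but since they don't have prefixes it
# would be inconsiderate to put them at the top level (pollute the
# global name space), and so if you move the login target be sure to
# duplicate any relevant variables (again, it might not be obvious
# which).
PerlSetVar NetdotSatisfy All
# If this is set you won't be able to use unqualified hostnames and
# rely on DNS to supply the domain.  DNS will supply the domain no
# doubt, but the browser doesn't see it so the cookie will be invalid.
# Also, a hostname isn't valid here.
#PerlSetVar NetdotDomain .uoregon.edu
PerlSetVar NetdotCache 1

# Apache::AuthCookie also documents <AuthName>Secure and <AuthName>HttpOnly.
# If Netdot is served only over HTTPS, consider enabling them so the session
# cookie is never sent over plain HTTP and is not readable by page scripts.
# NOTE(review): confirm that the Netdot login wrapper honours these.
#PerlSetVar NetdotSecure 1
#PerlSetVar NetdotHttpOnly 1

# We change the value of NetdotExpires dynamically to implement both
# temporary and permanent sessions.  NetdotTemporarySessionExpires
# specifies the length of the temporary sessions, i.e. it corresponds to
# NetdotExpires in a typical AuthCookie setup.
PerlSetVar NetdotTemporarySessionExpires +2h

<Directory <<Make:PREFIX>>/htdocs/>
    # 2.2-style access control; on httpd 2.4 this needs mod_access_compat.
    Order Deny,Allow
    Allow from all

    # Other applications may have attempted to override how .html files are
    # interpreted.  We need to reset this so that HTML::Mason can work
    # correctly.
    AddType text/html .html

    # This is hackish but it works.  It is preferred over handling all
    # files in /netdot as this causes requests for /netdot or /netdot/
    # to fail (DirectoryIndex doesn't get handled correctly).  The
    # "proper" way to handle this is with rewrite rules or
    # fixuphandlers I think, but this works: Handle everything which
    # isn't /netdot or /netdot/, i.e. which has at least one non / char
    # in its name relative to /netdot/, with mason.
    <FilesMatch .>
        SetHandler perl-script
        PerlHandler Netdot::Mason
    </FilesMatch>

    # Prevent mason from handling css and javascript
    <FilesMatch (\.css|\.js)$>
        SetHandler default-handler
    </FilesMatch>

    AuthType Apache2::SiteControl
    AuthName Netdot
    # Choose a name for the instance of the authenticator.  This name is
    # used as part of the remaining variable names.
    PerlSetVar AuthName Netdot
    require valid-user

    # Allow access to the css and title image so the login page
    # displays correctly.  The point is that you can't simply turn off
    # authentication for particular files, you must provide a new handler
    # which allows all requests instead.  The constant used here is
    # somehow equivalent to the anonymous sub 'sub { return OK }'.
    #
    # That alternative is named here rather than after the directives:
    # httpd does not allow a comment on the same line as a directive, so
    # trailing text would be read as further handler arguments.
    #
    # FilesMatch tests the file name only, so every *.css file and every
    # file whose name ends in "title.png" below this directory is served
    # without authentication.  Do not store anything sensitive under such
    # names.
    <FilesMatch (\.css|title\.png)$>
        PerlAuthenHandler Apache2::Const::OK
        PerlAuthzHandler Apache2::Const::OK
    </FilesMatch>

    # RADIUS parameters are set in the login target Location directive
    # below.
    PerlSetVar SiteControlMethod Netdot::Radius

    # Turn on debugging.  The output goes to the Apache error log; set
    # these to 0 once the login flow works.
    # NOTE(review): authentication debug output may include session or
    # credential details -- check what your module versions log and
    # restrict access to the error log accordingly.
    PerlSetVar AccessControllerDebug 1
    PerlSetVar AuthCookieDebug 1
    PerlSetVar SiteControlDebug 1

    # Configure the factories.  See SiteControl::UserFactory and
    # SiteControl::ManagerFactory
    PerlSetVar SiteControlManagerFactory Netdot::NetdotPermissionFactory

    # Configure the location of the session data on server disks
    # NOTE: apache should have read/write access to these locations.
    # Session files are authentication state: give access to the httpd
    # user only, and keep these directories outside any aliased web path.
    PerlSetVar SiteControlSessions <<Make:PREFIX>>/tmp/sessions
    PerlSetVar SiteControlLocks <<Make:PREFIX>>/tmp/sessions/locks

    # Tell mod_perl that you want this module to control access:
    PerlAuthenHandler Apache2::SiteControl->authenticate
    PerlAuthzHandler Apache2::SiteControl->authorize

    # See Apache2::SiteControl::UserFactory.  There are more variables,
    # but this seems to be the only one which makes SiteControl insult
    # you in the logs :P
    # NOTE(review): this looks like the key UserFactory uses to protect
    # passwords kept in session data.  If so, replace the sample phrase
    # with a long, random, site-specific value.
    PerlSetVar UserObjectPasswordKey "Netdot gets the last laugh"
</Directory>

<Location /netdot/NetdotLogin>
    SetHandler perl-script
    PerlHandler Netdot::SiteControlLoginWrapper->login

    # Stop AuthCookie from preventing access to NetdotLogin
    # (which would create an authen loop).
    PerlAuthenHandler Apache2::Const::OK
    PerlAuthzHandler Apache2::Const::OK

    # The hosts and secrets below are sample values.  Replace each secret
    # with the shared secret configured for this client on the matching
    # RADIUS server; a widely known sample secret must never reach
    # production.
    PerlSetVar NetdotRadiusHost "localhost"
    PerlSetVar NetdotRadiusSecret "testing123"
    PerlSetVar NetdotRadiusHost2 "otherhost"
    PerlSetVar NetdotRadiusSecret2 "testing123"
    PerlSetVar NetdotRadiusTimeOut "5"
    # NOTE(review): presumably this lets logins fall back to Netdot's
    # local accounts when RADIUS cannot be used (confirm in
    # Netdot::Radius).  If so, local passwords need the same policy as
    # the RADIUS ones, because an unreachable RADIUS server then moves
    # every login to the local store.
    PerlSetVar NetdotRadiusFailToLocal "yes"
</Location>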