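# NOTE: THIS CONFIGURATION IS FOR APACHE 2 ONLY.
#
# Modify this to your liking and include it in httpd.conf.
#
# Before deploying, review the values shipped as samples in this file: the
# RADIUS hosts and shared secrets, UserObjectPasswordKey, and the three
# *Debug variables.
# -----------------------------------------------------------------------------

# Load the mod_perl, APR and session modules used by Netdot.
PerlModule ModPerl::Util
PerlModule Apache2::Request
PerlModule Apache2::RequestRec
PerlModule Apache2::RequestIO
PerlModule Apache2::RequestUtil
PerlModule Apache2::ServerUtil
PerlModule Apache2::Connection
PerlModule Apache2::Log
PerlModule Apache::Session
PerlModule APR::Table
PerlModule ModPerl::Registry
PerlModule "Apache2::Const => ':common'"
PerlModule "APR::Const => ':common'"

# Authentication/authorization layer and the Mason request handler.
PerlModule Apache2::SiteControl
PerlModule HTML::Mason::ApacheHandler

# mod_apreq2 is the Apache module behind Apache2::Request (libapreq2).
# This line ships enabled; without the module loaded, libapreq2 can fail
# with an 'undefined symbol' error.  Adjust the path to wherever your
# distribution installs mod_apreq2.so, and comment the line out only if the
# module is already loaded elsewhere in your httpd configuration.
LoadModule apreq_module /usr/lib/apache2/modules/mod_apreq2.so

# Add Netdot's libraries to @INC.
# Code found through this path is compiled when the server starts (see the
# <Perl> section below), so the directory and its files should be writable
# only by the account that installs Netdot, not by the account the web
# server runs as.
PerlSwitches -I<<Make:PREFIX>>/lib
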
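<Perl>
# Set up the Mason handler and global variables and import modules.
use Netdot::Mason;

# Override SiteControl's login method.  Netdot::SiteControlLoginWrapper->login
# is the handler mapped to the login target (/netdot/NetdotLogin) later in
# this file.
use Netdot::SiteControlLoginWrapper;
</Perl>
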
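# Force UTF8
PerlSetVar MasonPreamble "use utf8;"
AddDefaultCharset utf-8

# If you would like to put netdot somewhere other than ``/netdot''
# just change this alias, the location of the login target
# (i.e. /netdot/NetdotLogin), and the variables NetdotPath and
# NetdotLoginScript below.
Alias /netdot "<<Make:PREFIX>>/htdocs/"

# Set the path that will be protected.
#
# *NOTE* This variable is used to determine absolute paths where
# needed in the netdot pages.  The "Netdot" prefix of the variable name
# corresponds to AuthName Netdot below.  If you want to change the
# AuthName you will still need this variable, as the Mason code assumes
# you didn't change the AuthName.
PerlSetVar NetdotPath "/netdot/"

# Indicate the path to the login page. Be careful, HTML::Mason can
# interfere with proper handling...make sure you know your dependencies.
# See samples and Apache::AuthCookie for more information.
PerlSetVar NetdotLoginScript /netdot/login.html

# See Apache::AuthCookie for descriptions of these.
#
# A general note about these Netdot variables: Some are accessed when
# a user requests a page and others are accessed when a user attempts
# to login.  In our setup the login target (NetdotLogin) is in the
# same apache scope as the netdot pages (/netdot) and these variables
# are specified at the global scope so there isn't an issue, but if
# you decide to move them inside a Directory, Files, or Location block
# and move the login target be sure that you put the right variables
# in the right places (hint: you will probably have to read the
# AuthCookie code as it is not clear from the docs, if you don't want
# any duplicates).  The same probably goes for the SiteControl and
# other non prefixed variables, but since they don't have prefixes it
# would be inconsiderate to put them at the top level (pollute the
# global name space), and so if you move the login target be sure to
# duplicate any relevant variables (again, it might not be obvious
# which).
PerlSetVar NetdotSatisfy All
# If this is set you won't be able to use unqualified hostnames and
# rely on DNS to supply the domain.  DNS will supply the domain no
# doubt, but the browser doesn't see it so the cookie will be invalid.
# Also, a hostname isn't valid here.
#PerlSetVar NetdotDomain .uoregon.edu
PerlSetVar NetdotCache 1

# Optional cookie hardening (Apache2::AuthCookie settings, prefixed with the
# AuthName like the variables above).  Left commented out because Secure
# stops the browser from sending the session cookie over plain HTTP, and
# HttpOnly depends on the installed AuthCookie version -- check both against
# your Apache2::AuthCookie documentation before enabling.
#PerlSetVar NetdotSecure 1
#PerlSetVar NetdotHttpOnly 1

# We change the value of NetdotExpires dynamically to implement both
# temporary and permanent sessions.  NetdotTemporarySessionExpires
# specifies the length of the temporary sessions, i.e. it corresponds to
# NetdotExpires in a typical AuthCookie setup.
PerlSetVar NetdotTemporarySessionExpires +2h
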
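<Directory <<Make:PREFIX>>/htdocs/>
   # Host-based access: every client address is allowed; who may actually
   # use Netdot is decided by the authentication settings below.
   # NOTE: Order/Allow is the Apache 2.2 syntax (2.4 needs mod_access_compat
   # for it).  If you port this block to 2.4, do not simply swap it for
   # "Require all granted": several Require lines in one block are satisfied
   # by any one of them by default, which would let requests through without
   # "require valid-user" being met.
   Order Deny,Allow
   Allow from all

   # Other applications may have attempted to override how .html files are
   # interpreted.  We need to reset this so that HTML::Mason can work
   # correctly.
   AddType text/html .html

   # This is hackish but it works.  It is preferred over handling all
   # files in /netdot as this causes requests for /netdot or /netdot/
   # to fail (DirectoryIndex doesn't get handled correctly).  The
   # "proper" way to handle this is with rewrite rules or
   # fixuphandlers I think, but this works: Handle everything which
   # isn't /netdot or /netdot/, i.e. which has at least one non / char
   # in its name relative to /netdot/, with mason.
   <FilesMatch .>
       SetHandler perl-script
       PerlHandler Netdot::Mason
   </FilesMatch>

   # Prevent mason from handling css and javascript
   <FilesMatch (\.css|\.js)$>
       SetHandler default-handler
   </FilesMatch>

   AuthType Apache2::SiteControl
   AuthName Netdot
   # Choose a name for the instance of the authenticator. This name is
   # used as part of the remaining variable names.
   PerlSetVar AuthName Netdot
   require valid-user

   # Allow access to the css and title image so the login page displays
   # correctly.  You can't simply turn off authentication for particular
   # files; you must provide a new handler which allows all requests
   # instead.  Apache2::Const::OK is used as that handler; it is meant to be
   # equivalent to the anonymous sub 'sub { return OK }'.
   # (Apache does not support trailing comments: text after a directive on
   # the same line is parsed as further arguments, so that note lives here
   # rather than at the end of the handler lines.)
   # NOTE: the pattern is not anchored at the start, so every file whose
   # name ends in ".css" or "title.png" is served without a login.  Keep
   # only public assets under such names in htdocs.
   <FilesMatch (\.css|title\.png)$>
        PerlAuthenHandler Apache2::Const::OK
        PerlAuthzHandler Apache2::Const::OK
   </FilesMatch>

   # RADIUS parameters are set in the login target Location directive
   # below.
   PerlSetVar SiteControlMethod Netdot::Radius

   # Turn on debugging.  These make the access-control, cookie and
   # SiteControl layers write extra detail to the Apache error log --
   # presumably including information about logins and sessions; verify
   # what your versions log.  Remove these lines (or set them to 0) once
   # the installation works, and keep the error log readable by
   # administrators only.
   PerlSetVar AccessControllerDebug 1
   PerlSetVar AuthCookieDebug 1
   PerlSetVar SiteControlDebug 1

   # Configure the factories. See SiteControl::UserFactory and
   # SiteControl::ManagerFactory
   PerlSetVar SiteControlManagerFactory Netdot::NetdotPermissionFactory

   # Configure the location of the session data on server disks
   # NOTE: apache should have read/write access to these locations, and no
   # other unprivileged account should, since the files hold the state of
   # logged-in sessions.
   PerlSetVar SiteControlSessions <<Make:PREFIX>>/tmp/sessions
   PerlSetVar SiteControlLocks <<Make:PREFIX>>/tmp/sessions/locks

   # Tell mod_perl that you want this module to control access:
   PerlAuthenHandler Apache2::SiteControl->authenticate
   PerlAuthzHandler Apache2::SiteControl->authorize

   # See Apache2::SiteControl::UserFactory.  There are more variables,
   # but this seems to be the only one which makes SiteControl insult
   # you in the logs :P
   # NOTE: the value below is the sample shipped with this file, so it is
   # the same on every untouched install.  Going by its name and the
   # UserFactory documentation it is key material for stored passwords
   # (confirm there); replace it with a long random string unique to your
   # site.
   PerlSetVar UserObjectPasswordKey "Netdot gets the last laugh"
</Directory>
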
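<Location /netdot/NetdotLogin>
   SetHandler perl-script
   PerlHandler Netdot::SiteControlLoginWrapper->login

   # Stop AuthCookie from preventing access to NetdotLogin
   # (which would create an authen loop).
   PerlAuthenHandler Apache2::Const::OK
   PerlAuthzHandler Apache2::Const::OK

   # RADIUS servers used for login (primary, then a second host).
   # The hosts and secrets below are samples, and "testing123" is a widely
   # published test value: replace them with your own servers and their
   # shared secrets.  Once real secrets are in this file, make it readable
   # only by root or the account that starts httpd.
   # Passwords are submitted to this location, so serve it over HTTPS.
   PerlSetVar NetdotRadiusHost "localhost"
   PerlSetVar NetdotRadiusSecret "testing123"
   PerlSetVar NetdotRadiusHost2 "otherhost"
   PerlSetVar NetdotRadiusSecret2 "testing123"
   # Presumably seconds to wait for a RADIUS reply -- confirm in
   # Netdot::Radius.
   PerlSetVar NetdotRadiusTimeOut "5"
   # Going by the name, "yes" lets a login fall back to Netdot's local
   # accounts when RADIUS fails.  Confirm in Netdot::Radius whether "fails"
   # means unreachable servers only or also rejected logins, and set it to
   # "no" if local passwords must never be accepted.
   PerlSetVar NetdotRadiusFailToLocal "yes"
</Location>
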