Apache Web Server with the I2A2::Access Module
To use the I2A2::Access Module you must have an
Apache Web Server built with mod_ssl and mod_perl.
If you're familiar with building an Apache Web Server, you need to build
Apache with the mod_ssl and mod_perl extensions.
If you're not familiar with building an Apache Web Server, the "Apache"
package (below) will do most (if not all) of the work. Building the
Apache Server also requires having OpenSSL, so the "OpenSSL" package may
also be useful.
If you want to install the I2A2 Apache package on Linux, you might
want to consult notes
on doing that, provided by Michael Witt of the Purdue Libraries.
I2A2:Access Module
You'll also need the following Perl modules. These are included in the "modules" package (below).
- Apache modules (installed from mod_perl sources)
- CGI.pm.
- Digest-MD5.
- Net_SSLeay. (use version 1.07 or later)
- MIME-Base64.
And, finally, the I2A2 package (see below).
Packages
The following packages have been put together to help in building the Apache Server:
- openssl-0.9.6i_pkg.tar.gz to build and install OpenSSL
- apache_1.3.27_pkg.tar.gz to build and install Apache with mod_ssl and mod_perl
- modules-0.3_pkg.tar.gz to build and install the necessary Perl modules
- I2A2-0.83_pkg.tar.gz to build and install the I2A2 modules
Fetch the packages you need and extract each of them into the same directory. Then, "cd" into I2A2_build (the
packages all share this top level directory) and run ./Config. Config will ask where OpenSSL and Apache are installed
(or should be installed) and generate an appropriate Makefile for each package you extracted.
Then "cd" into each directory and run "make" and "make install"
Setting up the I2A2::Access Module
Once you have an Apache Server with mod_perl and mod_ssl installed. . .
To accept Purdue Certificates, you must have a copy of the Purdue CA public key certificate installed in the CA bundle
for Apache (normally conf/ssl.crt/ca-bundle.crt). If you used the 1.3.27 package to build Apache, or used the
mod_ssl-2.8.12-1.3.27 patch the certificate should already be installed.
You also need to have a certificate for your Apache SSL server. You can generate a self-signed certificate by returning
to the Apache sources and running "make certificate". Then copy the cerficate (and key) from conf/ssl.crt/server.crt
(conf/ssl.key/server.key) in the source tree to conf/ssl.crt/server.crt (conf/ssl.key/server.key) in the Apache installation.
Ports - The following services need to be available in /etc/services (or /etc/inet/services):
authc 1561/tcp # CC - I2A2 authenticator, text access
authcs 1562/tcp # CC - I2A2 authenticator, SSL access
authz 1563/tcp # CC - I2A2 authorizer, text access
authzs 1564/tcp # CC - I2A2 authorizer, SSL access
refl 1565/tcp # CC - I2A2 reflector, text access
refls 1566/tcp # CC - I2A2 reflector, SSL access
In the Apache configuration file, httpd.conf, you need to set up the variables TicketLoginURL and TicketSecret, describe
the desired permissions for directories you wish to protect, and set up the login pages in the SSL Server. Here is more
information on setting up the
configuration.
The I2A2::Access related Apache configuration directives are described in
I2A2::Access Apache documentation.