I2A2::Acess Module Configuration
- Add the following in the main body of the web server configuration file:
- Change host.domain to your host's name
- Modify the path to the "secret" file - don't forget to create the file
PerlModule I2A2::Access PerlSetVar TicketLoginURL https://host.domain/ticketLogin PerlSetVar TicketSecret /path/to/file/secrets_key.txt
- For the directories you want to protect, define the restrictions:
-
Modify the "directory" path of the files you want to protect
<Directory /opt/apache/htdocs/protected> # Set the Access handler - this is inherited by subdirectories PerlAccessHandler I2A2::Access # AllowUser, DenyUser, and CharsExp commands # For example, allow any authenticated user here CharsExp (0|~0) </Directory> <Directory /opt/apache/htdocs/protected/employee> # Only allow employees here (the Employee characteristic is 0) CharsExp 0 </Directory> <Directory /opt/apache/htdocs/protected/student> # Only allow students here (the Student characteristic is 1) CharsExp 1 </Directory>
-
Add the following to the configuration for the SSL virtual host (https):
-
Change host.domain to your host's name
PerlModule I2A2::TicketLogin # This controls how long the 'ticket' will be valid (minutes) PerlSetVar TicketExpires 20 <Location /ticketLogin> SetHandler perl-script PerlHandler I2A2::TicketLogin PerlSetVar PurdueCertURL https://host.domain/PurdueCertLogin </Location> SSLCACertificateFile conf/ssl.crt/ca-bundle.crt <Location /PurdueCertLogin> SSLVerifyClient require SSLVerifyDepth 2 SSLOptions +ExportCertData +StdEnvVars SSLRequireSSL AuthName SSL AuthType Basic SetHandler perl-script PerlAuthenHandler Apache::OK PerlHandler I2A2::TicketLogin::PurdueCertLogin </Location>
-
Change host.domain to your host's name
-
Modify the "directory" path of the files you want to protect