Mixing Apache Authentication

From Deimos.fr / Bloc Notes Informatique
Jump to: navigation, search

1 Mixing PAM

1.1 Linux

How to mix pam authentication (mod_auth_pam) and text file authentication (mod_auth) with Apache. First install this package :

Command apt-get
apt-get install libapache2-mod-auth-pam

Then configure your htaccess :

AuthPAM_Enabled on
AuthPAM_FallThrough on
AuthAuthoritative Off
AuthUserFile /etc/apache2/htpassword
AuthType Basic
AuthName "Restricted Access"
Require valid-user

If mod_auth_pam doesn't find a valid user, it fallback to mod_auth authentication automatically.

Here is another example with webdav :

Configuration File /etc/apache2/site-enables/default
    Alias /webdav /var/www/ngs
    <Location /webdav>
        DAV On
        AuthPAM_Enabled on
        AuthBasicAuthoritative Off 
        AuthPAM_FallThrough off 
        AuthUserFile /dev/null
        AuthType Basic
        AuthName "Webdav Authentication"
        Require group ngs 
    </Location>

1.2 OpenBSD

Sur OpenBSD, j'ai du installer mod_auth_bsd :

pkg_add -iv mod_auth_bsd

Ensuite, activez le module pour apache :

/usr/local/sbin/mod_auth_bsd-enable

Puis redémarrer apache de cette façon :

apachectl stop
apachectl start

Puis dans la configuration d'apache /var/www/conf/http.conf, rajoutez ceci :

AuthBSDGroup auth

<Directory /var/www/htdocs/private>
   SSLRequireSSL
   AuthType Basic
   AuthName "ACME Login"
   AuthBSD On
   Require valid-user
</Directory>

2 Restricition by IP address

Imagine Jinzora. You don't want all your musics to be on the web. Just simply add this to your VirtualHost configuration :

vi /etc/apache2/sites-enabled/[email protected]
<Location /jinzora>
        Order deny,allow
        Deny from all
        Allow from 192.168.0.0/24
</Location>

This will allow all the 192.168.0.0 subnet to access to your website. The reload apache :-)

/etc/init.d/apache2 reload

3 Restriction by htaccess

This documentation is on how to protect a directory by htaccess (login + password).

Insert thos lines and adapt to your configuration (/etc/apache2/sites-enabled/000-default) :

Configuration File /etc/apache2/sites-enabled/000-default
        <Directory /var/www/myhtaccess>
                AllowOverride AuthConfig
                Order allow,deny
                allow from all
        </Directory>

Then create a file .htaccess in /var/www/myhtaccess and put this :

Configuration File /var/www/myhtaccess
AuthType Basic
AuthName "Acces Prive"
AuthGroupFile /dev/null
AuthUserFile /etc/apache2/htaccesspassword
 
<Limit GET POST>
        Require valid-user
</Limit>
 
php_value magic_quotes_runtime 1
php_value magic_quotes_gpc 1

Then create your access file with the user (/etc/apache2/htaccesspassword) :

Command htpasswd
htpasswd -c /etc/apache2/htaccesspassword username

For the next time, to add users, just get off "-c" like that :

Command htpasswd
htpasswd /etc/apache2/htaccesspassword username

Don't forget to restart apache :-)

For a good documentation, follow this : Documentation on Htaccess

4 Authentication by Countries

Deny Or Allow Countries With Apache htaccess

5 Authentification through Radius

Here is how to authentificate through a radius server :

Radius Authentification
How To Configure Apache To Use Radius For Two-Factor Authentication On Ubuntu