Apache::AppSamurai::AuthRadius - Check credentials against RADIUS service
The module is selected and configured inside the Apache configuration.
# Example with an authname of "fred" for use as part of an Apache config. # Configure as an authentication method PerlSetVar fredAuthMethods "AuthRadius" # Set the IP and port to send Radius requests to PerlSetVar fredAuthRadiusConnect "10.10.10.10:1812" # Set the RADIUS key to use PerlSetVar fredAuthRadiusSecret "ThePasswordJustBetterNotBePASSWORD" # Set the timeout for the RADIUS connection PerlSetVar fredAuthRadiusTimeout 5
This Apache::AppSamurai authentication module checks a username and password against a backend RADIUS service.
This module is one way to access strong authentication systems, like RSA SecurID. Note that features like "Next Tokencode" are not supported by this module at this time, so Apache::AppSamurai can not help users re-synchronize their tokens.
The basic Apache::AppSamurai::AuthBase configuration options are supported. Additional options are described below. The following must be preceded by the auth name and the auth module name, AuthRadius. For example, if you wish to set the Connect value for the auth name "Jerry", you would use:
Connect
PerlSetVar JerryAuthRadiusConnect "thisistheservername:1234"
The auth name and "AuthRadius" have been removed for clarity. See Apache::AppSamurai for more general configuration information, or the examples/conf/ directory in the Apache::AppSamurai distribution for examples.
SERVER:PORT
(Default: 127.0.0.1:1812) Set to the IP address or FQDN (fully qualified domain name) of the RADIUS server, a :, and then the port RADIUS is listening on.
127.0.0.1:1812
:
PASSWORD
(Default: defaultisstupid) Set the RADIUS secret (password) used for communication between the Apache::AppSamurai server and the RADIUS server. If possible, use a unique RADIUS secret for different devices to reduce the risk of attack from other devices, and the risk of capturing authentication information in transit.
defaultisstupid
Oh, and don't use defaultisstupid as your RADIUS secret!
SECONDS
(Default: 5) The number of seconds to wait for a response from the RADIUS server. The default should usually be fine.
All other configuration items are inherited from Apache::AppSamurai::AuthBase. Consult its documentation for more information.
Other than the AuthRadius specific configuration options, (described in "USAGE"), this is just a wrapper for the AuthBase Configure().
Configure()
Performs the following additional actions:
Creates and initializes an Authen::Radius instance and saves it in $self->{radius}.
$self->{radius}
Sends the authentication request to the RADIUS server. It logs error(s), including specific RADIUS errors, and returns 0 if the authentication fails for any reason.
See "SYNOPSIS" for a basic example, or configuration examples in examples/conf/ inside the Apache::AppSamurai distribution.
Apache::AppSamurai, Apache::AppSamurai::AuthBase, Authen::Radius
Paul M. Hirsch, <paul at voltagenoir.org>
<paul at voltagenoir.org>
See Apache::AppSamurai for information on bug submission and tracking.
See Apache::AppSamurai for support information.
Copyright 2008 Paul M. Hirsch, all rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install Apache::AppSamurai, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Apache::AppSamurai
CPAN shell
perl -MCPAN -e shell install Apache::AppSamurai
For more information on module installation, please visit the detailed CPAN module installation guide.