Apache::AuthenRadius - Authentication via a Radius server
# Configuration in httpd.conf PerlModule Apache::AuthenRadius # Authentication in .htaccess AuthName Radius AuthType Digest or AuthType Basic # authenticate via Radius PerlAuthenHandler Apache::AuthenRadius PerlSetVar Auth_Radius_host radius.foo.com PerlSetVar Auth_Radius_port 1647 PerlSetVar Auth_Radius_secret MySharedSecret PerlSetVar Auth_Radius_timeout 5 # This allows you to append something to the user name that # is sent to the RADIUS server # usually a realm so the RADIUS server can use it to # discriminate between users PerlSetVar Auth_Radius_appendToUsername @some.realm.com require valid-user
This module allows Basic and Digest authentication against a Radius server.
The mod_perl handler.
The Radius server host: either its name or its dotted quad IP number. The parameter is passed as the PeerHost option to IO::Socket::INET->new.
The port on which the Radius server is listening: either its service name or its actual port number. This parameter defaults to "1647" which is the official service name for Radius servers. The parameter is passed as the PeerPort option to IO::Socket::INET->new.
The shared secret for connection to the Radius server.
The timeout in seconds to wait for a response from the Radius server.
For Digest authentication, this is the algorithm to use. Defaults to 'MD5'. For Basic authentication, it is ignored. If Digest authentication is set, unauthenticated requests will be sent a Digest challenge, including a nonce. Authenticated requests will have the nonce checked against Auth_Radius_nonce_lifetime, then the whole Authentication header sent as the password to RADIUS.
Appends a string to the end of the user name that is sent to RADIUS. This would normally be in the form of a realm (i.e. @some.realm.com) This is useful where you might want to discriminate between the same user in several contexts. Clever RADIUS servers such as Radiator can use the realm to let the user in or no depending on which protected Apache directory they are trying to access.
Specifies the maximum nonce lifetime in seconds for Digest authentication. This parameter allows you to change the nonce lifetime for Digest authentication. Digest authentications whose nonce exceeds the maximum lifetime are declined. Defaults to 300 seconds.
The module should be loaded upon startup of the Apache daemon. Add the following line to your httpd.conf:
PerlModule Apache::AuthenRadius
For AuthenRadius you need to enable the appropriate call-back hook when making mod_perl:
perl Makefile.PL PERL_AUTHEN=1
For Digest authentication, you will need Authen::Radius version 0.06 or better. Version 0.05 only permits 16 byte passwords
Apache, mod_perl, Authen::Radius
Authen::Radius by Carl Declerck carl@miskatonic.inbe.net
Apache::AuthenRadius by Dan Sully <daniel | AT | cpan.org>
The Apache::AuthenRadius module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
