How To Secure Apache2 With LinOTP
Selasa, 06 November 2012
0
komentar
http://www.howtoforge.com/how-to-secure-apache2-with-linotp
This Howto describes the way to set up two factor authentication with one time passwords for Apache2. We assume, that you have already set up your LinOTP server. You can download Debian and Ubuntu packages or you can install the system using the Python Package Index. It provides a good quick start to get the service up and running for demo purposes (check for the latest version).
Or you can download the package directly at your command line:
The module uses cookies to cache the successful authentication. The cookie is encrypted, so you need to create a secret:
Please note: Using localhost in you LinOTPValidateURL might lead to curl errors, so please either use the correct IP or FQDN.
Happy Authenticating!
This Howto describes the way to set up two factor authentication with one time passwords for Apache2. We assume, that you have already set up your LinOTP server. You can download Debian and Ubuntu packages or you can install the system using the Python Package Index. It provides a good quick start to get the service up and running for demo purposes (check for the latest version).
Download
The OTP authentication is done using a Apache authentication provider for Apache basic authentication. This provider can be downloaded at github.Or you can download the package directly at your command line:
wget https://github.com/lsexperts/mod_authn_linotp/zipball/master -O mod_authn_linotp.zip
Install
You need at least the following packages on your Ubuntu or Debian system to compile the Apache module:dpkg -i libtool automake autoconf build-essential libcurl4-gnutls-dev
Now unzip the module and enter the directory:unzip mod_authn_linotp.zip
cd lsexperts-mod_authn_linotp-3583b90
The installation process is also described in the file INSTALL:cd lsexperts-mod_authn_linotp-3583b90
libtoolize
aclocal
automake --add-missing
autoconf
./configure
make
sudo make install
You can also use checkinstall to create a debian package for easier package handling.aclocal
automake --add-missing
autoconf
./configure
make
sudo make install
sudo checkinstall make install
Now the module is located at /usr/lib/apache2/modules/mod_authn_linotp.so.Activate the module
sudo a2enmod authn_linotp
Configure Apache
Now you can use two factor authentication for your Apache directories and locations. You can also take a closer look at the file README for all the configuration parameters.The module uses cookies to cache the successful authentication. The cookie is encrypted, so you need to create a secret:
pwgen 24 1
Now you can protect any Directory or Location scope like this:Using LinOTPTimeout you can define for how many seconds the cookie should be valid and thus after which time the user should be asked for a new OTP again.
AuthType basic
AuthName "LinOTP protected"
AuthBasicProvider LinOTP
Require valid-user
LinOTPValidateURL https://172.16.200.148/validate/simplecheck
LinOTPCookieSecret eenohJaen6CeexaH9yieTiel
LinOTPSSLCertVerify Off
LinOTPSSLHostVerify Off
Please note: Using localhost in you LinOTPValidateURL might lead to curl errors, so please either use the correct IP or FQDN.
Happy Authenticating!
TERIMA KASIH ATAS KUNJUNGAN SAUDARA
Judul: How To Secure Apache2 With LinOTP
Ditulis oleh Unknown
Rating Blog 5 dari 5
Semoga artikel ini bermanfaat bagi saudara. Jika ingin mengutip, baik itu sebagian atau keseluruhan dari isi artikel ini harap menyertakan link dofollow ke http://androidjapane.blogspot.com/2012/11/how-to-secure-apache2-with-linotp.html. Terima kasih sudah singgah membaca artikel ini.Ditulis oleh Unknown
Rating Blog 5 dari 5
Categories:
0 komentar:
Posting Komentar