Hi Lars, Some instructions are here: http://httpd.apache.org/docs/2.2/howto/auth.html
A simple example might look something like this in your Location/Directory block: AuthType Basic AuthName "Test" AuthBasicProvider file AuthUserFile /usr/local/apache/passwd/passwords Require valid-user Then, from the command line run: htpasswd -c /usr/local/apache/passwd/passwords test where 'test' is the username you will be creating (you will be prompted for a password). Then, restart Apache and try to hit that protected resource and use the username/password you created. If you are not prompted for authentication, then I think there might be some directive in an Apache scope overriding the directives that you have set. It does sound like your configuration is being processed though, as you said you received startup errors when Apache could not start properly due to invalid settings, which is why this is a bit of a mystery to me. -Phil On Fri, Jun 19, 2009 at 3:59 PM, Lars Huttar <[email protected]> wrote: > Hi Phil, > I have not tried any other AuthType directives. I'm pretty new to httpd > authentication. > > I could try "AuthType Basic", but I wouldn't quickly know how to set up > the other required details so that a test should work. E.g. an > authentication-provider module and an authorization module, a user file > and group file... > Is there a quick & well-packaged test I could run? > > Lars > > > On 6/19/2009 2:34 PM, Phil Ames wrote: > > Hi Lars, > > Are you able to get any other AuthType directives to work on that > > location (e.g. AuthType Basic)? Is it just AuthType CAS that is > > failing? > > > > Thanks, > > > > -Phil > > > > On Fri, Jun 19, 2009 at 3:25 PM, Lars Huttar<[email protected]> wrote: > >> Thanks for your quick response. > >> You were right, there was a LogLevel directive for <VirtualHost *> that > >> was overriding the global LogLevel and setting it to "warn". > >> > >> However, even after I put "LogLevel debug" in all the <VirtualHost> > >> directives, and restarted httpd and accessed the "protected" resources > >> again, there is still nothing in the logs about CAS. > >> I checked the error log, access log, and ssl_error log. The error log > >> has more than it used to: it has stuff about mod_proxy_http.c, in > >> addition to what it already had about proxy_util.c. But nothing about > >> CAS that I can find. > >> > >> One thing I noticed was that the ssl_error log kept giving the warnings, > >> "RSA server certificate CommonName (CN) 'localhost.localdomain' does NOT > >> match server name!?" > >> and > >> "RSA server certificate is a CA certificate (BasicConstraints: CA == > >> TRUE !?)" > >> > >> I didn't think that was relevant, but it reminded me that I hadn't yet > >> configured CASCertificatePath or put the certificates in there. > >> I tentatively tried setting that up, but got errors saying that the file > >> I specified (/etc/ssl/certs/myca.crt) was "not a regular file." So I > >> took CASCertificatePath out again. (I checked the permissions to get to > >> the cert file ... they seemed fine.) > >> > >> > >> Any further help would be appreciated... I'm still not getting debugging > >> output from mod_auth_cas. > >> > >> Thanks, > >> Lars > >> > >> > >> On 6/19/2009 12:56 PM, Phil Ames wrote: > >>> Hi Lars, > >>> Can you please make sure that the "LogLevel" directive for that > >>> VirtualHost is set to Debug as well? CASDebug On does output debug > >>> logs, but often times the LogLevel is set to "warn" or something > >>> similar that causes those logs to be discarded instead of output in > >>> the file. > >>> > >>> Thanks, > >>> -Phil > >>> > >>> On Fri, Jun 19, 2009 at 1:12 PM, Lars Huttar<[email protected]> > wrote: > >>>> On 6/19/2009 12:08 PM, Lars Huttar wrote: > >>>>> Hello, > >>>>> > >>>>> I'm new to CAS. We've been using a different SSO system for our > >>>>> Intranet, but are moving to CAS because it means not having to go > >>>>> through a distant reverse-proxy on every http request. > >>>>> > >>>>> I've been configuring an Apache httpd instance to use mod_auth_cas. > >>>>> As far as I can tell, I have things configured right in > >>>>> /etc/httpd/conf.d/auth_cas.conf. But when I try navigating to the > >>>>> protected URLs from a browser (e.g. > >>>>> http://mydomain/arcgis/rest/services), Apache serves the pages > without > >>>>> (AFAICT) doing any CAS authentication at all. > >>>> P.S. > >>>> Let me add that when I access these "protected" URLs, nothing > additional > >>>> (e.g. no debug info and no errors) gets written to the error log. > >>>> > >>>> The access log shows a normal access occurring: > >>>> 172.20.6.57 - - [DateTime] "GET /arcgis/rest/services/ > HTTP/1.1" 200 etc. > >>>> Nothing else. > >>>> > >>>> -- > >>>> You are currently subscribed to [email protected] as: > [email protected] > >>>> To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > >>>> > >> > >> -- > >> You are currently subscribed to [email protected] as: > [email protected] > >> To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > >> > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
