
Purdue University

Identity and Access Management

Installing I2A2 Apache on Linux

Michael Witt of the Purdue Libraries has installed the I2A2 Apache package on a Linux system and has provided a set of simplified instructions for doing it.

Michael started with a Red Hat 7.2 (i386) system built as a server. It had no previous web server or firewall packages installed. He offers the following step-by-step instructions as a guide for duplicating his installation.

  1. Download openssl, apache, modules, and i2a2 packages from the I2A2 web site.

  2. Decompress them wherever you keep source on your system. They will create an I2A2_build directory.

  3. As root, run "I2A2_build/Config". On Red Hat 7.2, an older version of OpenSSL is installed in /usr/share/ssl, so answer yes to the first question and provide this path. Install Apache in /opt/apache-1.3.26.

  4. Now cd I2A2_build/openssl and "make" (go get a cup of coffee).

  5. If no errors occur, "make install".

  6. Now cd I2A2_build/apache and "make".

  7. If no errors occur, "make install".

  8. Now cd I2A2_build/modules and "make".

  9. If no errors occur, "make install".

  10. Now, for testing purposes, we can generate our own certificate.

    cd I2A2_build/apache/src/apache_1.3.26/src


  11. "make certificate". If you don't know the answers to the prompts, accept the defaults. Remember your passphrase.

  12. Copy your certificate and key to your Apache installation:

    cp ../conf/ssl.key/server.key /opt/apache-1.3.26/conf/ssl.key/server.key
    cp ../conf/ssl.crt/server.crt /opt/apache-1.3.26/conf/ssl.crt/server.crt


  13. Now let's test Apache:

    /opt/apache-1.3.26/bin/apachectl startssl


    Type in your passphrase.

  14. Point your web browser to https://localhost and confirm your certificate has been installed and Apache is happy.

  15. Stop Apache:

    /opt/apache-1.3.26/bin/apachectl stop


  16. Now we're ready to install the I2A2 package:

    cd I2A2_build/securepurdue/I2A2

    then

    make patch


  17. Edit src/*/libpuidX/extlib/Makefile.PL and remove "-xarch=v8" from the file. Return to I2A2_build/securepurdue/I2A2 and run make, then make install.

  18. Add these lines to your /etc/services file:

    authc	1561/tcp	# CC - I2A2 authenticator, text access
    authcs	1562/tcp	# CC - I2A2 authenticator, SSL access
    authz	1563/tcp	# CC - I2A2 authorizer, text access
    authzs	1564/tcp	# CC - I2A2 authorizer, SSL access
    refl	1565/tcp	# CC - I2A2 reflector, text access
    refls	1566/tcp	# CC - I2A2 reflector, SSL access


  19. Now we're ready to prepare Apache to use I2A2. Create a file outside of your web server directory that contains nothing but some arbitrary text. Do not use your certificate passphrase! Let's call this file secrets_key.txt.

  20. Make the changes to /opt/apache-1.3.26/conf/httpd.conf that are outlined on the I2A2 web page.

  21. Use a combination of directives in your httpd.conf and .htaccess files in the directories that you want to secure, then start Apache and test them.
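
Step 19 as a script, added here as an example; it is not part of the I2A2 distribution or of Michael's instructions. It fills the secrets file with random text, creates it owner-only, and refuses a path that resolves inside the document root. The function name, the htdocs default and the 0600 mode are assumptions; adjust ownership so the account that reads the file for Apache can open it.

```shell
#!/bin/sh
# Added example, not I2A2 code: create the secrets_key.txt file from step 19.
# Assumption: the document root is htdocs under the step-3 install prefix.
DOCROOT_DEFAULT=/opt/apache-1.3.26/htdocs

# make_secrets_file FILE [DOCROOT]   (hypothetical helper name)
# Writes 32 random bytes as 64 hex characters to FILE, mode 0600.
# Prints the resolved path on success.
# Returns 1 if FILE is under DOCROOT, 2 if FILE exists, 3 on I/O error.
make_secrets_file() {
    file=$1
    docroot=${2:-$DOCROOT_DEFAULT}
    # Resolve symlinks in the parent directory so a link into the
    # document root is caught by the containment test below.
    dir=$(cd "$(dirname "$file")" 2>/dev/null && pwd -P) || return 3
    root=$(cd "$docroot" 2>/dev/null && pwd -P) || root=$docroot
    case "$dir/" in
        "$root"/*) echo "refusing: $file is inside $root" >&2; return 1 ;;
    esac
    target=$dir/$(basename "$file")
    [ -e "$target" ] && { echo "refusing: $target exists" >&2; return 2; }
    # Subshell keeps the caller's umask; noclobber closes the
    # check-then-create race; the file is never wider than 0600.
    (
        umask 077
        set -C
        dd if=/dev/urandom bs=32 count=1 2>/dev/null |
            od -An -tx1 | tr -d ' \n' > "$target"
    ) || return 3
    echo "$target"
}
```

The value is random rather than typed by hand, so it cannot repeat the certificate passphrase that step 19 warns against reusing.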

Maintained by: IAMO Team

© 2010 - 2013 Purdue University