Apache Web Server with the I2A2::Access Module
To use the I2A2::Access Module you must have an
Apache Web Server built with mod_ssl and mod_perl.
If you're familiar with building an Apache Web Server, you need to build Apache with the mod_ssl and mod_perl extensions.
If you're not familiar with building an Apache Web Server, the "Apache" package (below) will do most (if not all) of the work. Building the Apache Server also requires having OpenSSL, so the "OpenSSL" package may also be useful.
If you want to install the I2A2 Apache package on Linux, you might want to consult notes on doing that, provided by Michael Witt of the Purdue Libraries.
You'll also need the following Perl modules. These are included in the "modules" package (below).
- Apache modules (installed from mod_perl sources)
- Net_SSLeay. (use version 1.07 or later)
And, finally, the I2A2 package (see below).
The following packages have been put together to help in building the Apache Server:
- openssl-0.9.6i_pkg.tar.gz to build and install OpenSSL
- apache_1.3.27_pkg.tar.gz to build and install Apache with mod_ssl and mod_perl
- modules-0.3_pkg.tar.gz to build and install the necessary Perl modules
- I2A2-0.83_pkg.tar.gz to build and install the I2A2 modules
Fetch the packages you need and extract each of them into the same directory. Then, "cd" into I2A2_build (the
packages all share this top level directory) and run ./Config. Config will ask where OpenSSL and Apache are installed
(or should be installed) and generate an appropriate Makefile for each package you extracted.
Then "cd" into each directory and run "make" and "make install"
Setting up the I2A2::Access Module
Once you have an Apache Server with mod_perl and mod_ssl installed. . .
To accept Purdue Certificates, you must have a copy of the Purdue CA public key certificate installed in the CA bundle for Apache (normally conf/ssl.crt/ca-bundle.crt). If you used the 1.3.27 package to build Apache, or used the mod_ssl-2.8.12-1.3.27 patch the certificate should already be installed.
You also need to have a certificate for your Apache SSL server. You can generate a self-signed certificate by returning to the Apache sources and running "make certificate". Then copy the cerficate (and key) from conf/ssl.crt/server.crt (conf/ssl.key/server.key) in the source tree to conf/ssl.crt/server.crt (conf/ssl.key/server.key) in the Apache installation.
Ports - The following services need to be available in /etc/services (or /etc/inet/services):
authc 1561/tcp # CC - I2A2 authenticator, text access authcs 1562/tcp # CC - I2A2 authenticator, SSL access authz 1563/tcp # CC - I2A2 authorizer, text access authzs 1564/tcp # CC - I2A2 authorizer, SSL access refl 1565/tcp # CC - I2A2 reflector, text access refls 1566/tcp # CC - I2A2 reflector, SSL access
In the Apache configuration file, httpd.conf, you need to set up the variables TicketLoginURL and TicketSecret, describe
the desired permissions for directories you wish to protect, and set up the login pages in the SSL Server. Here is more
information on setting up the
The I2A2::Access related Apache configuration directives are described in I2A2::Access Apache documentation.