Setting up Apache2::AuthCAS client on Ubuntu Feisty Server
Use of this module is not recommended as it has a poor security history.
These instructions assume you have a fairly bare-bones installation of Ubuntu Server (Feisty) and that you want to use Apache2. If you plan on running Apache 1.x, then DO NOT follow these instructions.
Make sure you have apache2 and mod_perl installed. You'll need a database too. We'll use PostgreSQL.
sudo apt-get install apache2 libapache2-mod-perl2 postgresql-8.2
The AuthCAS module has some dependencies of its own, so install those.
sudo apt-get install make libnet-ssleay-perl libdbi-perl libdbd-pg-perl libxml-simple-perl
Fetch the Apache2::AuthCAS module, extract, build, and install.
wget http://search.cpan.org/CPAN/authors/id/J/JH/JHITT/Apache2-AuthCAS-0.1.tar.gz
tar zxf Apache2-AuthCAS-0.1.tar.gz
cd Apache2-AuthCAS-0.1
perl Makefile.PL
make
make test
sudo make install
There's a missing comma in schemaPg.sql, so add it before continuing.
Set up a database for the Apache2::AuthCAS module to store sessions.
sudo -u postgres createuser -P cas
sudo -u postgres createdb -O cas CASAuth
psql -h localhost -U cas -f schemaPg.sql CASAuth
You may wish to read the man page before continuing.
man -l /usr/local/share/man/man3/Apache2::AuthCAS.3pm
Make sure that mod_perl is enabled in the apache2 configuration. I check by looking for the /etc/apache2/mods-enabled/perl.load symlink.
Next, configure the module. I do this by creating an authcas file in /etc/apache2/conf.d with the following contents:
PerlLoadModule Apache2::ServerUtil
PerlLoadModule Apache2::ServerRec
PerlLoadModule Apache2::AuthCAS::Configuration
CASHost "cas-dev.uwaterloo.ca"
# The level of logging, ERROR(0) - EMERG(4)
CASLogLevel 0
# Should we set the 'Basic' authentication header?
#CASPretendBasicAuth 0
# Where do we redirect if there is an error?
CASErrorUrl "https://cas-dev.uwaterloo.ca/cas/error/"
# Database parameters for session and ticket management
CASDbDriver "Pg"
CASDbDataSource "dbname=CASAuth;host=localhost;port=5432"
CASDbSessionTable "cas_sessions"
CASDbUser "cas"
CASDbPass "test123"
PerlLoadModule APR::Table
PerlLoadModule Apache2::AuthCAS
Next, set up the module. I tried something simple at the end of /etc/apache2/sites-available/default:
<Directory "/var/www/cas-protected">
AuthType Apache2::AuthCAS
AuthName "CAS"
PerlAuthenHandler Apache2::AuthCAS->authenticate
require valid-user
</Directory>
Restart the server for all changes to take effect.
sudo /etc/init.d/apache2 force-reload
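The conf.d/authcas file from the steps above holds the database password in plaintext, so it is worth auditing before the server goes live. The script below is an added example, not part of the original page or of the module; the function names and finding labels are made up here, and it assumes Apache is started as root so the file can be readable by root only.

```shell
#!/bin/sh
# Added example: audit a conf.d/authcas file like the one in this walkthrough.

# cas_directive FILE NAME -> value of the first uncommented NAME directive, quotes stripped
cas_directive() {
    awk -v key="$2" '$1 == key {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/^"|"[ \t]*$/, ""); print; exit
    }' "$1"
}

# audit_authcas CONF [MODS_ENABLED_DIR] -> one finding per line, exit status 1 if any
audit_authcas() {
    conf=$1 mods=${2:-/etc/apache2/mods-enabled} rc=0
    # The file carries CASDbPass in plaintext; Apache parses its config as root
    # (assumption stated in the lead-in), so no other account needs read access.
    if [ -n "$(find "$conf" -prune -perm -004)" ]; then
        echo "WORLD_READABLE $conf: chown root:root and chmod 600"; rc=1
    fi
    case $(cas_directive "$conf" CASDbPass) in
        ''|test123) echo "WEAK_DB_PASSWORD CASDbPass is empty or the sample value"; rc=1 ;;
    esac
    case $(cas_directive "$conf" CASErrorUrl) in
        https://*) ;;
        *) echo "ERROR_URL_NOT_HTTPS CASErrorUrl should be an https:// URL"; rc=1 ;;
    esac
    # Same check the walkthrough does by hand: is mod_perl enabled?
    [ -e "$mods/perl.load" ] || { echo "MOD_PERL_DISABLED no perl.load in $mods"; rc=1; }
    return $rc
}

# Constructed sample input (mirrors the page's values), audited in a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/authcas" <<'EOF'
CASHost "cas-dev.uwaterloo.ca"
# Where do we redirect if there is an error?
CASErrorUrl "https://cas-dev.uwaterloo.ca/cas/error/"
CASDbUser "cas"
CASDbPass "test123"
EOF
chmod 644 "$demo_dir/authcas"
audit_authcas "$demo_dir/authcas" "$demo_dir" || echo "findings reported"
rm -rf "$demo_dir"
```

On a real host, run `audit_authcas /etc/apache2/conf.d/authcas` as root; the second argument defaults to /etc/apache2/mods-enabled.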
Notes
- The module does not set the REMOTE_USER environment variable, so authorizing certain people to certain pages via the require user .htaccess directive is not possible.
-- JasonTestart - 28 Aug 2007