Using OTP auth in Apache

From FreeAuth Wiki

One Time Passwords with Apache

TODO: This page and the attached code need to be updated to use the FreeAuth method, rather than the old mOTP method.


See OTP Implementation for further details.


Installing the Apache module

Go here and grab the latest release for the version of Apache you are running.


wget http://www.unixpapa.com/software/mod_auth_external-x.y.z.tar.gz
tar xzvf mod_auth_external-x.y.z.tar.gz


On Debian-based systems you need to make sure apache-dev (or apache2-dev) is installed.


apt-get install apache-dev


Then:


apxs -c mod_auth_external.c
apxs -i -a mod_auth_external.so


This will build and install the module, and add the load line to httpd.conf.


Apache Configuration

The usual ways to provide HTTP authentication apply: you can configure it in .htaccess or in the main Apache configuration. I'll only deal with the latter in this document.


In /etc/apache/httpd.conf, below any module load lines, put something like the following:


AddExternalAuth archive_auth /usr/bin/MOTP.php
SetExternalAuthMethod archive_auth pipe


<Directory /path/to/files/to/protect>
	AuthName "phpMyAdmin"
	AuthType Basic
	AuthExternal archive_auth
	require valid-user
	Satisfy all
</Directory>
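
As an added example (not the MOTP.php script this page installs, and not FreeAuth code), the sketch below shows what a pipe-method authenticator has to do: read the login and password from stdin, verify an mOTP code, refuse a replayed code, and exit 0 to accept. It assumes the pipe method delivers the login and the password as two newline-terminated lines (check the authenticator notes shipped with your mod_auth_external version); the user table, the 3-minute window and the in-memory replay store are hypothetical.

```python
#!/usr/bin/env python3
# Added example: pipe-method authenticator sketch, not the page's MOTP.php.
import hashlib
import hmac
import sys
import time

# Constructed sample table: login -> (init secret, PIN). Hypothetical layout;
# the page does not show how MOTP.php stores users under /var/motp/users.
USERS = {"alice": ("0123456789abcdef", "1234")}
WINDOW = 18  # assumed: accept 18 ten-second steps (3 minutes) either side


def motp(secret, pin, step):
    """mOTP code: first 6 hex digits of MD5(step + secret + PIN) as text."""
    return hashlib.md5(f"{step}{secret}{pin}".encode()).hexdigest()[:6]


def check(user, code, now, last):
    """True if code is valid for user at time now and was not used before."""
    if user not in USERS:
        return False
    secret, pin = USERS[user]
    base = int(now) // 10
    for step in range(base - WINDOW, base + WINDOW + 1):
        want = motp(secret, pin, step).encode()
        if hmac.compare_digest(want, code.lower().encode()):
            if step <= last.get(user, -1):
                return False  # replay: this step or a later one was spent
            last[user] = step
            return True
    return False


def main(stdin=sys.stdin):
    # Assumed pipe contract: login on line 1 of stdin, password on line 2.
    user = stdin.readline().rstrip("\n")
    code = stdin.readline().rstrip("\n")
    last = {}  # in-memory only; a deployed script must persist this state
    return 0 if check(user, code, time.time(), last) else 1  # 0 = accept


if __name__ == "__main__":
    sys.exit(main())
```

Because each request starts a fresh process, the last accepted step per user has to be written to disk for the replay check to hold across requests.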


Housekeeping

You will also need to make some directories to store cookies and login attempts.


mkdir -p /var/motp/cookies
mkdir -p /var/motp/cache
mkdir -p /var/motp/users


You also need to download a copy of the OTP script:


http://www.freeauth.org/images/MOTP.txt


I saved it as /usr/bin/MOTP.php; you also need to make it executable:


chmod 755 /usr/bin/MOTP.php


And that's pretty much it. Make sure you restart Apache, etc.