Simplifying Solutions
I took documentation of getting SVN working on windows and the Apache documentation along with something called Moodle
Download the mod_auth_sspi Module from: http://sourceforge.net/projects/mod-auth-sspi/. At the moment of writing this (2008.07.16), the current version is mod_auth_sspi 1.0.4. Select your proper version (Apache 2.0.x or Apache 2.2.x)
Unzip the right file and copy mod_auth_sspi.so (it's inside bin subdirectory) to your Apache modules directory.
Edit your Apache 2 configuration file (httpd.conf) to load the module.
1 2 3 | <IfModule !mod_auth_sspi.c> LoadModule sspi_auth_module modules/mod_auth_sspi.so </IfModule> |
If you have your root directory setting to AllowOverride none, you will need to change it to all so we can use .htaccess files for authorization. Otherwise .htaccess files are ignored by apache.
1 2 3 4 5 | <Directory > ... some settings ... AllowOverride All ... more settings ... </Directory> |
You can allow this on just one directory (/secure in this case) if you would like instead:
1 2 3 | <Directory /secure> AllowOverride AuthConfig </Directory> |
AllowOverride details here: http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride
virtual-hosts.conf remains unchanged if you have one but nothing stops you from using it instead. I only wanted a single file to use integrated authorization so I went the .htaccess route with a file directive. I feel it is a bit more portable, could be committed with my source code, and also allows configuration changes without restarting Apache.
Create .htcaccess file in the directory of the file you want to protect.
1 2 3 4 5 6 7 8 9 10 11 12 13 | <Files autologon.cfm> AuthName "Login using your DOMAIN username and password" AuthType SSPI SSPIAuth On SSPIOfferBasic On # let non-IE clients authenticate SSPIOmitDomain On # keep domain name in userid string SSPIBasicPreferred Off # should basic authentication have higher priority SSPIUsernameCase lower SSPIAuthoritative On # set the domain to authorize against # SSPIDomain domain.company.com Require valid-user </Files> |
From the Apache Docs:
Most commonly, the problem is that AllowOverride is not set such that your configuration directives are being honored. Make sure that you don't have a AllowOverride None in effect for the file scope in question. A good test for this is to put garbage in your .htaccess file and reload. If a server error is not generated, then you almost certainly have AllowOverride None in effect.
If, on the other hand, you are getting server errors when trying to access documents, check your Apache error log. It will likely tell you that the directive used in your .htaccess file is not permitted. Alternately, it may tell you that you had a syntax error, which you will then need to fix."
Here I am protecing the file autologon.cfm. This allows this folder to be moved to any apache webserver that is configured to allow authentication configuration through .htaccess and still work if the module has been enabled.
In this example, the argument valid-user tells the server that any username that authenitcates. Require options are here: http://httpd.apache.org/docs/2.2/mod/core.html#require
Comments Closed.