mod_auth_xradius NAS-Identifier Enhancement
This is a hack for the mod_auth_xradius authentication module for apache 2.0 from
OutOfOrder.cc's mod_auth_xradius
With mod_auth_xradius you can do BasicAuthentication using a Radius-Server.
mod_auth_xradius sends as NAS-Identifier just the hostname of the virtual-host of the accessed website,
but if you have different secured websites within one virtual-host and if you want to check on your radius-server
which of the websites has been accessed, you probably need my patch.
mod_auth_xradius NAS-Identifier Enhancement gives you the possibility to set the NAS-Identifier on a per-directory base (.htaccess or <Location ...>).
Installation:
Untar the original mod_auth_xradius_v0.4.X.tar.bz2 , dive into new directory and then apply the patch:
# cat mod_auth_xradius.nasname.diff | patch -p0
Then compile and install as usual (./configure, make, make install) (note for debian users: configure needs --with-apxs=/usr/bin/apxs2).
Usage:
The parameter
AuthXRadiusNasName is new. Can be used in <Directory> or .htaccess.
If AuthXRadiusNasName is not set then ServerName is sent as NAS-Identifier insted - this is the default behaviour without my patch.
A sample config looks like:
.htaccess:
AuthType Basic
AuthName "SQL-Admin"
AuthXRadiusAddServer "123.123.123.123:1645" "verysecurepassword"
AuthXRadiusRetries 2
AuthXRadiusTimeout 2
AuthXRadiusNasName "anystringwhichissenttoradiusserver"
require valid-user
Note on mod_auth_xradius with Apache 2.2:
Apache >= 2.1 needs
AuthBasicProvider, otherwise you'll get errors like:
#[Mon Apr 30 15:09:11 2007] [error] [client 192.168.10.136] (9)Bad file descriptor: Could not open password file: (null)
#[Mon Apr 30 15:09:11 2007] [error] Internal error: pcfg_openfile() called with NULL filename
You have to add this to your .htaccess:
AuthBasicProvider "xradius"
Download:
Patch for mod_auth_xradius-0.4.6:
mod_auth_xradius-0.4.6-nasname.diff