Installing the necessary modules for CAS authentication on Tempest should be a walk in the park, thanks to all the work we did last summer to install mod_auth_cas on Puma. Those directions were based on these directions for installing CAS authentication. First, we have to install some packages:
[root@tempest ~] yum --enablerepo=epel search php-pear-CAS
php-pear-CAS.noarch : Central Authentication Service client library in php
[root@tempest ~] yum --enablerepo=epel -y install php-pear-CAS mod_auth_cas
Package mod_auth_cas-1.0.8.1-2.el6.x86_64 already installed and latest version
Installed:
  php-pear-CAS.noarch 0:1.3.2-1.el6
Complete!
[root@tempest ~] yum install mod_authz_ldap
Package mod_authz_ldap-0.26-16.el6.x86_64 already installed and latest version
Nothing to do
[root@tempest ~]
Then, we need to set the order in which they are loaded. Apparently, we did that last summer:
[root@tempest conf.d] pwd
/etc/httpd/conf.d
[root@tempest conf.d] ls -l | head
total 116
-rw-r--r--. 1 root root 9473 Feb 7 2012 00_ssl.conf
-rw-r--r--. 1 root root 793 Aug 15 2012 05_auth_cas.conf
-rw-r--r--. 1 root root 1145 Mar 22 2007 10_authz_ldap.conf
One thing I learned, painfully, is that when there is an update to the ssl.conf file or any of these other files, they will be installed under their normal names (without the leading numbers) and then there are two copies of the content, thereby breaking Apache. So I created empty dummy versions of the originals. Hopefully, I will get .rpmnew files instead of a broken web server:
[root@tempest conf.d] touch ssl.conf auth_cas.conf authz_ldap.conf
[root@tempest conf.d] ls -l ssl.conf auth_cas.conf authz_ldap.conf
-rw-rw----. 1 root root 0 Mar 26 16:27 auth_cas.conf
-rw-rw----. 1 root root 0 Mar 26 16:27 authz_ldap.conf
-rw-rw----. 1 root root 0 Mar 26 16:27 ssl.conf
[root@tempest conf.d]
Don’t forget to make SELinux happy:
[root@tempest conf.d] restorecon *
Next, restart the web server:
[root@tempest conf.d] apachectl graceful
[root@tempest conf.d] service httpd status
httpd (pid 13608) is running...
[root@tempest conf.d] psg httpd
apache 1454 13608 0 Mar25 ? 00:00:01 /usr/sbin/httpd
root 13608 1 0 Feb22 ? 00:01:04 /usr/sbin/httpd
apache 22198 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22199 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22200 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22201 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22202 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22203 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22204 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22205 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
apache 22206 13608 0 16:42 ? 00:00:00 /usr/sbin/httpd
[root@tempest conf.d]
And test CAS authentication on Puma and on Tempest.
Yay! Seems to work.
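A post-update check for the duplicate-config problem described above, as an added example that is not from the original post: it flags a non-empty file under an original name, a numbered file with no empty placeholder, and any .rpmnew file waiting to be merged. The function name check_confd and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a conf.d directory that uses NN_name.conf renames.
# check_confd is a hypothetical helper, not part of Apache or rpm.

# check_confd DIR: print findings; return 1 if any config would load twice.
check_confd() {
    dir=$1
    found=0
    for numbered in "$dir"/[0-9][0-9]_*.conf; do
        [ -e "$numbered" ] || continue      # glob matched nothing
        base=${numbered##*/}                # e.g. 05_auth_cas.conf
        plain=${base#[0-9][0-9]_}           # e.g. auth_cas.conf
        if [ -s "$dir/$plain" ]; then
            # Non-empty file under the original name: content loads twice.
            echo "DUPLICATE $plain $base"
            found=1
        elif [ ! -e "$dir/$plain" ]; then
            # No empty placeholder holding the original name.
            echo "UNGUARDED $plain $base"
        fi
        # New packaged content waiting to be merged into the numbered copy.
        [ -e "$dir/$plain.rpmnew" ] && echo "RPMNEW $plain.rpmnew $base"
    done
    return "$found"
}

# Constructed sample tree standing in for /etc/httpd/conf.d.
demo() {
    d=$(mktemp -d) || return 1
    echo '# constructed ssl settings' > "$d/00_ssl.conf"
    echo '# constructed ssl settings' > "$d/ssl.conf"    # refilled by an update
    echo '# constructed cas settings' > "$d/05_auth_cas.conf"
    : > "$d/auth_cas.conf"                               # empty placeholder
    echo '# constructed new default' > "$d/auth_cas.conf.rpmnew"
    echo '# constructed ldap settings' > "$d/10_authz_ldap.conf"  # no placeholder
    check_confd "$d"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "duplicate configs found"
```

Pointing check_confd at /etc/httpd/conf.d after a package update gives a non-zero exit status when a config would be loaded twice, so it can gate the restart.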