forked from LinOTP/mod_authn_linotp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
README
119 lines (97 loc) · 2.75 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
mod_authn_linotp - Apache module for authenticating with LinOTP
===============================================================
This apache module can be used to authenticate users against
LinOTP (http://linotp.org)
This auth module only works with basic authentication.
It uses a cookie to cache the authenticated user.
The authentication of the first request is done against the LinOTP server.
The consecutive requests are handled by the cookie.
Configuration parameters:
-------------------------
The module can only be configured in a directory context.
LinOTPValidateURL
mandatory
Context: Dir
Format: https://server/validate/simplecheck
Default: -
LinOTPRealm
optional
Context: Dir
The realm name, the user will be authenticated in.
Format: <string>
Default: -
LinOTPResolver
optional
Context: Dir
The useridresolver, the user will be authenticated in.
Format: <string>
Default: -
LinOTPCookieSecret
mandatory
Context: Dir
A secret that is used to encrypt the cookie.
Format: <string>
Default: -
LinOTPCookieName
optional
Context: Dir
The name of the cookie
Format: <string>
Default: linotp_auth_module
LinOTPSSLCertVerify
optional
Context: Dir
Whether the certificate of the LinOTP server should be verified
Format: On or Off
Default: Off
LinOTPSSLHostVerify
optional
Context: Dir
Whether the hostname in the certificate of the LinOTP server should be verified
Format: On or Off
Default: Off
LinOTPSSLVersion
optional
Context: Dir
SSL Version to be used when communicating with Linotp
Format: 2 or 3
Default: 2
LinOTPLogUser
optional
Context: Dir
Whether the username should appear in the log file
Format: On or Off
Default: On
LinOTPLogPassword
optional
Context: Dir
Whether the password should appear in the log file
Format: On or Off
Default: Off
LinOTPTimeout
optional
Context: Dir
maximum time (in seconds) for which a one-time password is valid
Format: a number
Default: 600
Example:
========
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
AuthType basic
AuthName "LinOTP protected"
AuthBasicProvider LinOTP
Require valid-user
LinOTPSSLCertVerify Off
LinOTPSSLHostVerify Off
LinOTPSSLVersion 3
LinOTPLogUser On
LinOTPLogPassword On
LinOTPCookieName myCookieName
LinOTPValidateUrl https://localhost/validate/simplecheck
LinOTPCookieSecret 098as0d9uasldj0a7sda
LinOTPRealm Realm1
</Directory>