Introduction
In this month's article, I want to talk about configuring
authentication module fail-over with Apache 2.1's new authentication
API. Most people are familiar with Apache 1.3 or 2.0, but have not
heard of Apache 2.1 or any of the new features that will be
integrated into it. First, Apache 2.1 is the development branch
of the Apache web server family, which will become Apache 2.2, the next
stable branch of Apache. (Apache 2.0 is the current stable branch for
the Apache 2 series.) You may be familiar with the major changes that
have taken place between Apache 1.3 and Apache 2.0, but you may not be
aware that there are also major changes between Apache 2.0 and Apache
2.1. "What changes?", you may ask. The authentication API, of course.

Over the past few years, as Apache 2.0 has been tested around the
world, developers became unhappy with the flexibility of the existing
2.0 authentication API, and decided that a major reworking of Apache's
authentication internals was in order. This reworking will make it
much easier for new authentication mechanisms to be built for Apache.
(Great for those of us who have unique authentication schemes which
are implemented in any number of languages: C, Perl, etc.) This
reworking has been a long process, but now it appears as if the
developers are feeling that the new code base is stabilizing and an
Apache 2.2 release is approaching in the near future. In preparation
for the possibility of including Apache 2.2 in the Central Web
Supports roadmap for the future, I took some time a few weeks ago to
become familiar with the new changes, and test our specific needs for
authentication with this new API. The result? Read on and find out...
Apache 2.1: Build
Obtaining the Apache 2.1 source code may seem daunting at first, but I
will step you through the process, and show you all of the hidden
tricks I learned during my initiation to the newest installment of the
world's most popular web server.
First of all, we need to download the source code for Apache 2.1 from
Subversion, the versioning tool to which Apache has recently moved all
of its project code bases. To do this, you will need a Subversion
client (many of which are listed at
http://subversion.tigris.org/project_links.html
under the "Clients and plugins" heading). I am using Debian, where the
package that provides the svn client is named subversion, so I simply
typed:
# apt-get install subversion
Once svn was installed, I then used the svn client to "checkout" the
source code with the following command:
# svn co http://svn.apache.org/repos/asf/httpd/httpd/trunk httpd-test
"co" stands for checkout, and we are simply using the svn client to
"checkout" the source code from the URL
"http://svn.apache.org/repos/asf/httpd/httpd/trunk" and place it in
the directory we specify (here I placed the code in "httpd-test").
(For more information on Subversion, checkout ( ;) ) the online book
at: http://svnbook.red-bean.com/ ).

When the source code has finished downloading, change directory into
httpd-test (or whichever directory you specified the source code to
download into), and run the command:
# ./buildconf
Buildconf will check to see if you have the Apache Portable Runtime
Library, or apr, and the apr-util packages downloaded into the srclib
directory. Since we have not downloaded these packages, you will need
to run the following commands from the httpd-test directory:
# svn co http://svn.apache.org/repos/asf/apr/apr/trunk srclib/apr
# svn co http://svn.apache.org/repos/asf/apr/apr-util/trunk srclib/apr-util
The Apache Portable
Runtime Library is the abstraction layer that helps Apache to run on
many different platforms, and is a necessary part of the Apache code
base. At this juncture, I am not sure if the developers will bundle
the apr packages with Apache 2.2, or keep them separate. I'll keep you
posted.
Next, run the buildconf
script again:
# ./buildconf
The buildconf script
will build our configure file, and now we are ready to configure and
compile Apache as we have in the past.
To be consistent with my
current Apache 2.0 configuration, I copy my config.nice file from my
latest source directory, httpd-2.0.53, to the current directory. This
is what my Apache 2.0 config.nice file looks like:
#! /bin/sh
#
# Created by configure
CFLAGS="-g"; export CFLAGS
"./configure" \
"--prefix=/usr/local/apache2/" \
"--enable-headers" \
"--enable-ssl" \
"--enable-http" \
"--enable-cgi" \
"--enable-speling" \
"--enable-so" \
"--enable-rewrite" \
"--enable-proxy" \
"--enable-cache" \
"--enable-mem-cache" \
"--enable-disk-cache" \
"--enable-expires" \
"--enable-dav" \
"--enable-deflate" \
"--with-ldap" \
"--enable-ldap" \
"--enable-auth-ldap" \
"$@"
This config.nice from Apache 2.0 will actually work quite nicely with
Apache 2.1. The only change needed for it to work is to the
--enable-auth-ldap line towards the very end, which must be changed
to --enable-authnz-ldap. The listing below also sets --prefix to
/usr/local/apache21/.
#! /bin/sh
#
# Created by configure
CFLAGS="-g"; export CFLAGS
"./configure" \
"--prefix=/usr/local/apache21/" \
"--enable-headers" \
"--enable-ssl" \
"--enable-http" \
"--enable-cgi" \
"--enable-speling" \
"--enable-so" \
"--enable-rewrite" \
"--enable-proxy" \
"--enable-cache" \
"--enable-mem-cache" \
"--enable-disk-cache" \
"--enable-expires" \
"--enable-dav" \
"--enable-deflate" \
"--with-ldap" \
"--enable-ldap" \
"--enable-authnz-ldap" \
"$@"
Once you have made the changes, save them, and execute the following
commands:
# ./config.nice
# make
If Apache compiles successfully, then execute:
# make install
Once Apache is installed into /usr/local/apache21, you can then start
Apache to test and see if Apache 2.1 will start successfully.
# /usr/local/apache21/bin/apachectl start
Hit localhost with a web browser (my choice is usually lynx):
# lynx localhost
And see if you get a default Apache page.
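The config.nice edit from the build steps above, scripted as an added example (not part of the original article): it renames the LDAP switch and moves --prefix to the new tree, then verifies the result before marking it executable. The function name migrate_config_nice and the shortened sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: derive the Apache 2.1
# config.nice from the 2.0 one. migrate_config_nice is a hypothetical name.

# Usage: migrate_config_nice OLD_FILE NEW_FILE NEW_PREFIX
migrate_config_nice() {
    old=$1; new=$2; prefix=$3
    [ -r "$old" ] || { echo "cannot read $old" >&2; return 1; }

    # The prefix is spliced into a sed expression, so accept only an
    # absolute path without characters sed would treat specially.
    case $prefix in
        *'|'*|*'&'*|*'\'*) echo "unsafe prefix: $prefix" >&2; return 1 ;;
        /*) ;;
        *) echo "prefix must be absolute: $prefix" >&2; return 1 ;;
    esac

    # Rename the LDAP switch and repoint --prefix so that "make install"
    # writes to the 2.1 tree rather than the existing 2.0 prefix.
    sed -e 's/--enable-auth-ldap/--enable-authnz-ldap/g' \
        -e "s|--prefix=[^\"[:space:]]*|--prefix=$prefix|" \
        "$old" > "$new" || return 1

    # Verify the result instead of trusting the substitutions.
    if grep -q -e '--enable-auth-ldap' "$new"; then
        echo "2.0 flag still present in $new" >&2; return 1
    fi
    if ! grep -qF -e "--prefix=$prefix" "$new"; then
        echo "no --prefix setting found in $old" >&2; return 1
    fi
    chmod +x "$new"    # config.nice is run directly as ./config.nice
}

# Constructed sample input, shortened from the 2.0 file shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/config.nice-2.0" <<'EOF'
#! /bin/sh
CFLAGS="-g"; export CFLAGS
"./configure" \
"--prefix=/usr/local/apache2/" \
"--enable-ssl" \
"--enable-ldap" \
"--enable-auth-ldap" \
"$@"
EOF
migrate_config_nice "$demo_dir/config.nice-2.0" "$demo_dir/config.nice" \
    /usr/local/apache21/
```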
Conclusion
Congratulations!! You have just downloaded and installed the
development version of Apache. Remember, this is beta software, so
there are bound to be bugs in it, (aka don't run this in a production
environment).
Next month, we are going to configure Apache 2.1 to use
both mod_auth_file, and mod_authnz_ldap to help us to restrict access
to our site. Test, have fun, and enjoy!