UCDavisAuthZ
UCDavisAuthZ perl module
Installation
Install mod_perl for apache.
Follow the instructions at: http://perl.apache.org
Windows: For Windows, download the complete package that contains perl and apache already working together from ftp://theoryx5.uwinnipeg.ca/pub/other/. It's the easiest way to get everything working.
Turn on mod_perl on your web server.
If you didn't do this in step 1, it probably means having these lines in your httpd.conf file:
LoadModule perl_module modules/libperl.so AddModule mod_perl.cWindows: You only need the first line, and it should look like:
LoadModule perl_module modules/ApacheModulePerl.dllIf you got the complete Windows package from the ftp site described above, this has already been done for you.
Download the appropriate module for your architecure/Apache version.
Rename the file to UCDavisAuthZ.pm.
Place the UCDavisAuthZ.pm module in the apache perl lib path.
Put this module in ~www/lib/perl/Apache/UCDavisAuthZ.pm. This location will differ from site to site.
Under a RH linux rpm-installed apache and mod_perl, it should go into /etc/httpd/lib/perl/Apache/UCDavisAuthZ.pm for instance.
Windows: It should be installed in C:/Apache/lib/perl/Apache/UCDavisAuthZ.pm. Note that you'll have to create some of those directories (probably everything from C:/Apache/lib and down)
Load the Perl module
In your httpd.conf file add (the bottom of the file is fine):
PerlModule Apache::UCDavisAuthZ
The module is now installed.
Consult the following sections for configuration details.
Classlist / User File Configuration
Module Configuration
In your access.conf file(s), protect the directories you wantprotected using a directive set like:<Location /secure-docs> PerlAuthzHandler Apache::UCDavisAuthZ PerlOptions +GlobalRequest PerlSetVar user_list /var/access/allowed-users </Location>Parameters:
user_list "FILE1, FILE2, ..."
A list of files that should contain campus login names for the people you want this site restricted to. With this directive in place, only the people found in this file will be allow to see the contents of the page in question.default: null (anyone can access pages)
user_header
Sets the header value to retrieve the authenticated user id from.default: 'CAS-User'
IP Address Restriction
Module Configuration
In your access.conf file(s), protect the directories you wantprotected using a directive set like:<Location /secure-docs> PerlAccessHandler Apache::UCDavisAuthZ PerlOptions +GlobalRequest PerlSetVar allow_ucd_ip 1 </Location>Parameters:
allow_ucd_ip 1
This will allow ucd specific IP Addresses through without
having authenticated with their kerberos password first.default: off (0).
allow_ucd_ip_addrs 169.237.,128.120.,152.79.
This allows you to override the default list of
ipaddresses that are considered to be on campus and
accepted without authentication when the allow_ucd_ip
variable is set to 1 (see above).default: 169.237.,128.120.,152.79.