RADIUS for Web Authentication
Chances are good that you have an area of your web site that needs to be protected from general public access. If you use the Apache web server, you may be familiar with the various methods by which this can be done: using an .htaccess and .htpasswd combination, setting Unix file system permissions, using Allow and Deny directives inside the Apache configuration file, and others. However, it’s now possible to instruct Apache to authenticate against an existing RADIUS database of users, thereby protecting the area of your web site from unknown users and allowing access to those you trust.
This authentication is done using a module developed for Apache 1.x called mod_auth_radius. (Apache 2.0 had not been released at the time, and the module has yet to be updated for Version 2.0.) In effect, Apache becomes a RADIUS client, occupying the traditional position of the NAS in the authentication chain, and sends its authentication and accounting requests to the RADIUS server. Not only does this save administrative time by consolidating what potentially could become two user databases into one, but it also allows for more flexibility. Namely, RADIUS accounting can be used to track usage statistics for this protected site. Apache can keep detailed logs, but sometimes it’s helpful to have all audit information in one place.
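To make the "Apache as RADIUS client" role concrete, the following added example (not code from the book or from mod_auth_radius) builds the Access-Request that any RADIUS client sends in the NAS position and checks the authenticator on the server's reply, following RFC 2865. The user name, password, shared secret and NAS identifier are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2                 # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32  # RFC 2865 attribute types


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    blocks = max(1, -(-len(password) // 16))         # always at least one block
    padded = password.ljust(16 * blocks, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        hidden += prev
    return hidden


def attr(kind: int, value: bytes) -> bytes:
    """Encode one attribute as type, length (header included), value."""
    return struct.pack("!BB", kind, len(value) + 2) + value


def build_access_request(ident, user, password, secret, nas_id, authenticator=None):
    """Build the Access-Request a RADIUS client sends for one login attempt."""
    authenticator = authenticator or os.urandom(16)  # must be unpredictable
    attrs = (attr(USER_NAME, user)
             + attr(USER_PASSWORD, hide_password(password, secret, authenticator))
             + attr(NAS_IDENTIFIER, nas_id))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


def response_is_authentic(response, request_authenticator, secret) -> bool:
    """Check MD5(Code+ID+Length+RequestAuth+Attributes+Secret) on a reply."""
    head, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(head + request_authenticator + attrs + secret).digest()
    return len(response) >= 20 and hmac.compare_digest(resp_auth, expected)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    pkt = build_access_request(7, b"alice", b"s3cret-pass", b"shared-secret", b"apache-www")
    print(len(pkt), pkt.hex())
```

The password is protected on the wire only by the MD5-based hiding keyed with the shared secret, so the secret configured between the web server and the RADIUS server should be long and random.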
There are several potential applications for this module. The following scenarios are likely candidates:
A corporation who wants ...