The Functionality
The mod_auth_radius module follows a predictable pattern in its use. A typical transaction occurs like this:
1. The browser submits a page request for http://www.website.com/index.html.
2. Apache sees that the directory is secured and sends an Authorization Required prompt (with spaces for the username and password) to the end user.
3. The user responds to the authentication request with his credentials. The browser sends the response, and the same page request once again, to Apache.
4. Apache receives the user’s response and hands it off to mod_auth_radius. The module sees that a cookie is not present (since this is the user’s first request). It constructs a RADIUS request and transmits it to the RADIUS server.
5. The RADIUS server performs the authentication and sends its response back to mod_auth_radius.
6. mod_auth_radius interprets the RADIUS server’s decision. If the authentication was deemed successful, the module sends a cookie with the public and private information hidden using MD5. If the authentication was unsuccessful, the module returns an Access Denied message.
7. The web browser sends the cookie with any other request. As long as mod_auth_radius recognizes the cookie as valid, it will not send another request to the RADIUS server.
The cookies that are set on the end user’s computer are valid for the lesser of the two values specified in the module’s configuration and the secured area’s configuration. The cookies also are killed when the browser ends, either by crash or via ...
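The transaction above, modelled as an added example (this is not code from mod_auth_radius or from the original text). The cookie layout, the server secret, the user table and all function names are assumptions made for illustration; only the MD5 digest over public and private information and the lesser-of-two-lifetimes rule come from the description.

```python
import hashlib
import hmac

SERVER_SECRET = b"constructed-server-secret"  # private info, never sent to the browser
MODULE_TIMEOUT_MIN = 60                       # constructed module-wide cookie lifetime
USERS = {"alice": "s3cret"}                   # constructed stand-in for the RADIUS user store
radius_calls = []                             # records every simulated RADIUS round trip


def radius_authenticate(user, password):
    """Stand-in for the RADIUS request/response exchange."""
    radius_calls.append(user)
    return USERS.get(user) == password


def cookie_lifetime(directory_timeout_min):
    """Lesser of the module's and the secured area's lifetimes, in seconds."""
    return min(MODULE_TIMEOUT_MIN, directory_timeout_min) * 60


def make_cookie(user, expires):
    """Assumed layout: expiry plus MD5 over public info and the private secret."""
    public = f"{user}:{expires}".encode()
    digest = hashlib.md5(public + b":" + SERVER_SECRET).hexdigest()
    return f"{expires}:{digest}"


def cookie_valid(user, cookie, now):
    """Recompute the digest from the claimed expiry and compare in constant time."""
    try:
        expires = int(cookie.split(":", 1)[0])
    except (AttributeError, ValueError):
        return False
    if now >= expires:
        return False
    return hmac.compare_digest(cookie.encode(), make_cookie(user, expires).encode())


def handle_request(user, password, cookie, now, directory_timeout_min):
    """Return (status, cookie_to_set); RADIUS is asked only without a valid cookie."""
    if cookie is not None and cookie_valid(user, cookie, now):
        return 200, None
    if radius_authenticate(user, password):
        return 200, make_cookie(user, now + cookie_lifetime(directory_timeout_min))
    return 401, None
```

Because the expiry is part of the digested data, a cookie whose expiry field has been edited no longer matches and the request falls back to a full RADIUS authentication.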