[Modules] xradius with OTP

Cornelius Kölbel cornelius.koelbel at lsexperts.de
Thu Sep 20 06:07:01 EDT 2007

Dear list,

I am trying to use mod_auth_xradius with ubuntu 7.04, apache 2.2
I compiled and installed it successfully.

But I'd like to use one time passwords.

The first time I access my website http://secret-site3 the authentication works fine.

But when i click on another link on this page, i time out and some times I get a second auth request.

My vhost config looks like this:

LoadModule auth_xradius_module /usr/lib/apache2/modules/mod_auth_xradius.so
## If you do not want Authentication Caching, set:
#AuthXRadiusCache none -
AuthXRadiusCache dbm "/usr/lib/apache2/auth_xradius_cache"
# 1h Timeout.
AuthXRadiusCacheTimeout 3600

<VirtualHost *>
        ServerName secret-site3
        ServerAdmin webmaster at localhost

        DocumentRoot /var/www/site3
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        <Directory /var/www/site3/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all

                 AuthType Basic
                AuthBasicProvider xradius
                 AuthName "Please enter your username and WiKID one-time passcode for entry to this site."
                 AuthXRadiusAddServer "localhost:1812" "testing123"

                 AuthXRadiusTimeout 7
                 AuthXRadiusRetries 2
                 #       AuthUserFile /etc/apache2/passwd
                 require valid-user

                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel debug
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

I think the module needs to remember, that the user was authenticated. How is this done and how is it configured correctly?

Thanks a lot and kind regards

More information about the Modules mailing list