The previous two chapters have focused on using the FreeRADIUS product as the basis of an authentication/authorization/accounting system for a regular Internet service provider-style setup. In this chapter, I’ll cover FreeRADIUS in conjunction with Web, LDAP, and email servers, and will discuss a utility, RadiusReport, for parsing RADIUS accounting files to glean valuable information from them.
Chances are good that you have
an area of your web site that
needs to be protected from general public access. If you use the
Apache web server, you may be familiar with the various methods by
which this can be done: using an .htaccess and
.htpasswd combination, setting Unix file system
Deny directives inside the Apache configuration
file, and others. However, it’s now possible to
instruct Apache to authenticate against an existing RADIUS database
of users, thereby protecting the area of your web site from unknown
users and allowing access to those you trust.
This authentication is done using a module developed for Apache 1.x called mod_auth_radius. (Apache 2.0 had not been released at the time, and the module has yet to be updated for Version 2.0.) In effect, Apache becomes a RADIUS client—occupying the traditional position of the NAS in the authentication chain—and hits off the RADIUS server for authentication and accounting requests. Not only does this save administrative time by consolidating ...