[LON-CAPA-admin] secure login to LON-CAPA using LDAP
Guy Albertelli II
guy at albertelli.com
Tue Sep 19 10:38:59 EDT 2006
Hi Stefan,
> We need user login with https, otherwise our network crew will not allow
> LDAP authentication. We do not want to send unencrypted passwords over the
> network. And I think no one really wants this ;-)
Well the login page currently doesn't send clear text passwords.
> Best solution, I was told, is to run whole LON-CAPA under https. At
> least, changing the user login to https is a must.
Process for FC5 to make the whole website run under https:
- install mod_ssl
    yum install mod_ssl
- open port 443 up
    system-config-securitylevel-tui
    (Customize -> Enable Secure WWW (HTTPS) -> OK -> OK)
    /etc/init.d/iptables restart
- restart lon-capa
    /etc/init.d/loncontrol stop
    /etc/init.d/loncontrol start
    /etc/init.d/httpd restart
At this point you should be able to log in and lon-capa will work under
https://server/*
To force everyone to https:
- Edit /etc/httpd/conf/httpd.conf
- make sure that the line:
    LoadModule rewrite_module modules/mod_rewrite.so
  exists and is not commented out.
- add this to the bottom of httpd.conf:
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
This currently only works under FC5; all other dists
(FC4, RHEL4, and SLES 9 and SuSE 9.3) are more complicated at this
time. (But the basic idea is the same.)
--
guy at albertelli.com 0-7-1-6-27,137
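
Added example (not part of the original message and not LON-CAPA code): a shell check that the force-https pieces listed in the message are present and not commented out in an httpd.conf. The function names `sample_conf` and `check_force_https` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Print a constructed sample config (not a real LON-CAPA httpd.conf).
# With the argument "broken" the LoadModule line is commented out.
sample_conf() {
    prefix=""
    [ "${1:-}" = "broken" ] && prefix="#"
    cat <<EOF
ServerName server
${prefix}LoadModule rewrite_module modules/mod_rewrite.so
# RewriteEngine off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)\$ https://%{HTTP_HOST}/\$1 [R,L]
EOF
}

# check_force_https FILE (hypothetical helper name)
# Reports each piece of the recipe that is absent from the active
# (non-comment) lines of FILE; returns the number of missing pieces.
check_force_https() {
    conf=$1
    missing=0
    # Each heredoc line is: label|extended regex (matched case-insensitively).
    while IFS='|' read -r label pattern; do
        if ! grep -Ev '^[[:space:]]*#' "$conf" | grep -Eiq "$pattern"; then
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
LoadModule rewrite_module|^[[:space:]]*LoadModule[[:space:]]+rewrite_module[[:space:]]
RewriteEngine on|^[[:space:]]*RewriteEngine[[:space:]]+on[[:space:]]*$
RewriteCond %{HTTPS} !=on|^[[:space:]]*RewriteCond[[:space:]]+%[{]HTTPS[}][[:space:]]+!=on
RewriteRule to https|^[[:space:]]*RewriteRule[[:space:]]+.*https://%[{]HTTP_HOST[}]/[$]1
EOF
    return "$missing"
}

# Demo on the constructed "broken" sample: reports the commented-out module.
tmp=$(mktemp)
sample_conf broken > "$tmp"
check_force_https "$tmp" || echo "$? piece(s) of the recipe missing"
rm -f "$tmp"
```

On a real server the function would be pointed at /etc/httpd/conf/httpd.conf after editing and before restarting httpd.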