[LON-CAPA-admin] secure login to LON-CAPA using LDAP

Guy Albertelli II guy at albertelli.com
Tue Sep 19 10:38:59 EDT 2006

Hi Stefan,

> We need user login with https, otherwise our network crew will not allow
> LDAP authentication. We do not want to send unencrypted passwords over the
> network. And I think no one really wants this ;-)

Well the login page currently doesn't send clear text passwords.

> Best solution, I was told, is to run whole LON-CAPA under https. At
> least, changing the user login to https is a must.

Process for FC5 making the whole website to be under https:

- install mod_ssl
yum install mod_ssl

- open port 443 up
   (Customize -> Enable Secure WWW (HTTPS) -> OK -> OK)
/etc/init.d/iptables restart

- restart lon-capa
/etc/init.d/loncontrol stop
/etc/init.d/loncontrol start
/etc/init.d/httpd restart

At this point you should be able to log in and lon-capa will work under

To force everyone to https:

- Edit /etc/httpd/conf/httpd.conf

- make sure that the line:
LoadModule rewrite_module modules/mod_rewrite.so

exists and is not commented out.

- add this to the bottom of httpd.conf:

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]

This currently only works under FC5; all other dists
(FC4, RHEL4, SLES 9 and SuSE 9.3) are more complicated at this
time. (But the basic idea is the same.)
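
A check for the httpd.conf edits described in the message above, as an added example that is not part of the original post. The function names check_https_redirect and sample_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an httpd.conf for the
# directives the procedure relies on. Returns 0 only if all are active.
check_https_redirect() {
    awk '
        /^[ \t]*(#|$)/ { next }              # ignore comments and blank lines
        { d = tolower($1) }
        d == "loadmodule" && $2 == "rewrite_module" { module = 1 }
        d == "rewriteengine" && tolower($2) == "on" { engine = 1 }
        d == "rewriterule" && $3 ~ /^https:\/\// {
            rule = 1
            # A RewriteCond applies only to the RewriteRule directly after it.
            if (prev_cond) guarded = 1
        }
        { prev_cond = (d == "rewritecond" && $2 == "%{HTTPS}" && $3 == "!=on") }
        END {
            if (!module) { print "missing: active LoadModule rewrite_module"; bad = 1 }
            if (!engine) { print "missing: RewriteEngine on"; bad = 1 }
            if (!rule) {
                print "missing: RewriteRule redirecting to https://"; bad = 1
            } else if (!guarded) {
                print "unguarded: no RewriteCond %{HTTPS} !=on directly before the RewriteRule"
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the lines the message says httpd.conf should contain.
sample_conf() {
    cat <<'EOF'
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
check_https_redirect "$conf" && echo "ok: redirect to HTTPS is configured"
rm -f "$conf"
```

On a server, pass the real file instead of the sample: check_https_redirect /etc/httpd/conf/httpd.conf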

