One Time Passwords with Apache

TODO: This page and the attached code need to be updated to use the FreeAuth method rather than the old mOTP method.

See OTP Implementation for further details.

Installing the apache module

Grab the latest mod_auth_external release for the version of Apache you are running:

wget http://www.unixpapa.com/software/mod_auth_external-x.y.z.tar.gz
tar xzvf mod_auth_external-x.y.z.tar.gz

On Debian-based systems you need to make sure apache-dev (or apache2-dev) is installed.

apt-get install apache-dev

Then:

apxs -c mod_auth_external.c
apxs -i -a mod_auth_external.so

This will build and install the module, and add the load line to httpd.conf.

Apache Configuration

The usual ways to provide HTTP authentication apply: you can configure it in .htaccess or in the main Apache configuration. I'll only deal with the latter in this document.

In /etc/apache/httpd.conf, below any module load lines, put something like the following:

AddExternalAuth archive_auth /usr/bin/MOTP.php
SetExternalAuthMethod archive_auth pipe
 
<Directory /path/to/files/to/protect>
	AuthName "phpMyAdmin"
	AuthType Basic
	AuthExternal archive_auth
	require valid-user
	Satisfy all
</Directory>

Housekeeping

You will also need to make some directories to store cookies and login attempts.

mkdir -p /var/motp/cookies
mkdir -p /var/motp/cache
mkdir -p /var/motp/users

You also need to download a copy of the OTP script...

MOTP.txt

I saved it as /usr/bin/MOTP.php. You also need to make it executable:

chmod 755 /usr/bin/MOTP.php

And that's pretty much it. Make sure you restart Apache.
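
To show what the program named in AddExternalAuth has to do under the pipe method, here is an added example (it is not the MOTP.php script attached to this page): a Python authenticator that checks a Mobile-OTP value, i.e. the first six hex characters of MD5 over the 10-second time step, the secret and the PIN, and refuses replays. The sample user, the 3-minute window and the use of /var/motp/cache as the replay store are assumptions of this example.

```python
#!/usr/bin/env python3
import hashlib
import hmac
import os
import sys
import time

# Constructed sample user; a real script would load secrets from a protected store.
USERS = {"alice": {"secret": "0123456789abcdef", "pin": "1234"}}
CACHE_DIR = "/var/motp/cache"   # assumption: this example's replay store
WINDOW = 18                     # +/- 18 ten-second steps = 3 minutes of skew

def motp(secret, pin, step):
    """Mobile-OTP: first 6 hex chars of MD5(step + secret + PIN)."""
    return hashlib.md5(f"{step}{secret}{pin}".encode()).hexdigest()[:6]

def mark_used(cache_dir, user, otp):
    """Atomically record an accepted OTP; False if it was seen before."""
    # Hashing keeps client-supplied user names out of the file path.
    name = hashlib.sha256(f"{user}\n{otp}".encode("utf-8", "replace")).hexdigest()
    try:
        fd = os.open(os.path.join(cache_dir, name),
                     os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    except FileExistsError:
        return False
    os.close(fd)
    return True

def verify(user, otp, cache_dir=CACHE_DIR, now=None):
    """True only for a valid, not-yet-used OTP inside the time window."""
    rec = USERS.get(user)
    if rec is None:
        return False
    step = int(time.time() if now is None else now) // 10
    given = otp.lower().encode("utf-8", "replace")
    ok = False
    for s in range(step - WINDOW, step + WINDOW + 1):
        # Constant-time compare, and no early exit on a match.
        ok |= hmac.compare_digest(motp(rec["secret"], rec["pin"], s).encode(), given)
    return ok and mark_used(cache_dir, user, otp.lower())

def main():
    """Pipe method: user on stdin line 1, password on line 2; exit 0 accepts."""
    user = sys.stdin.readline().rstrip("\r\n")
    otp = sys.stdin.readline().rstrip("\r\n")
    sys.exit(0 if verify(user, otp) else 1)

if __name__ == "__main__":
    main()
```

The replay directory must be writable by the user Apache runs as and by no one else. Because AuthType Basic sends the credentials in an easily decoded header, serve the protected directory over HTTPS.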