Installation – RPM Package

• Install the EPEL6 repository

  rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

  If you are running RHEL 5, you will have to install a different version of EPEL. Commands to install EPEL 5 as well as further documentation can be found at: https://fedoraproject.org/wiki/EPEL/FAQ#How_can_I_install_the_packages_from_the_EPEL_software_repository.3F

• Now you will need to perform an installation via yum on mod_auth_cas

  yum install mod_auth_cas

  You will be prompted to install the package, select yes. You also may receive a warning regarding the importation of the EPEL GPG-KEY (similar to the one found below). Select yes when prompted.

  warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
  Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  Importing GPG key 0x0608B895:
   Userid : EPEL (6) <epel@fedoraproject.org>
   Package: epel-release-6-8.noarch (installed)
   From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
  Is this ok [y/N]:

• You will now need to create/update your mod_auth_cas configuration in Apache. The usual location for this file is /etc/httpd/conf.d/cas.conf, although it does not necessarily need to be found there.
  If you are having trouble locating this file, you can run the grep command below to help locate it.

  grep -ir "CASCertificatePath" /etc/httpd

  Once you have located the file, make sure that the following are specified:

  CASCookiePath       /var/cache/mod_auth_cas/
  CASCertificatePath  /etc/pki/tls/certs
  CASLoginURL         https://login.uconn.edu/cas/login
  CASValidateURL      https://login.uconn.edu/cas/serviceValidate
  CASProxyValidateURL https://login.uconn.edu/cas/proxyValidate

• Apache will now have to be restarted for the changes to take effect.

  service httpd restart

Installation – Red Hat (source)

1. 1. Install prerequisite packages

      yum install gcc git httpd-devel libcurl-devel openssl-devel pcre-devel autoconf libtool redhat-rpm-config

   2. Setup workspace in /tmp and retrieve package. Add the proxy configuration command below if your server is in private space

      cd /tmp
      # Set proxy if you are in private address space
      export ALL_PROXY=proxy.uconn.edu:80
      git clone https://github.com/Jasig/mod_auth_cas.git
      cd mod_auth_cas

   3. Compile and install

      autoreconf -iv
      ./configure --with-apxs=/usr/bin/apxs
      make
      # If you see an error message like the following:
      # WARNING: 'aclocal-1.12' is missing on your system.
      # then run this command
      # cp -p /usr/bin/aclocal /usr/bin/aclocal-1.12; cp -p /usr/bin/automake /usr/bin/automake-1.12
      # and re-run 'make'. Remember to remove aclocal-1.12 and automake-1.2 when you're done
      make install

   4. Make cache directory

      mkdir /var/cache/mod_auth_cas
      chown apache:apache /var/cache/mod_auth_cas

   5. Install the CAS configuration file, shown here to /etc/httpd/conf.d/cas.conf

      LoadModule auth_cas_module modules/mod_auth_cas.so
      CASCookiePath /var/cache/mod_auth_cas/
      CASCertificatePath /etc/pki/tls/certs/ca-bundle.crt
      CASLoginURL https://login.uconn.edu/cas/login
      CASValidateURL https://login.uconn.edu/cas/serviceValidate
      CASProxyValidateURL https://login.uconn.edu/cas/proxyValidate

   6. Restart Apache

      service httpd restart

Installation – Debian (source)

1. 1. Install prerequisite packages

      apt-get install apache2-dev libcurl4-openssl-dev dh-autoreconf

   2. Obtain the 1.0.9.1 release (or the most recent release) from Github via the link below. Transfer the compressed (.zip/tar.gz) to your server.
      https://github.com/Jasig/mod_auth_cas/releases/tag/v1.0.9.1
   3. Create a working directory, and unpack the zip
   4. Remove the previous installation of mod_auth_cas

      apt-get remove libapache2-mod-auth-cas

   5. Compile and install

      autoreconf -iv 
      ./configure --with-apxs=/usr/bin/apxs2 
      make  
      make install

   6. Create a directory to be used as a cache

      mkdir /var/cache/apache2/mod_auth_cas; chown www-data:www-data /var/cache/apache2/mod_auth_cas/

   7. Create/edit the CAS configuration file (add the configuration below) in /etc/apache2/mods-available/auth_cas.conf

      <IfModule !mod_auth_cas.c>
          LoadModule          auth_cas_module /usr/lib/apache2/modules/mod_auth_cas.so
      </IfModule>
      CASCookiePath       /var/cache/apache2/mod_auth_cas/
      CASLoginURL         https://login.uconn.edu/cas/login
      CASValidateURL      https://login.uconn.edu/cas/serviceValidate
      CASProxyValidateURL https://login.uconn.edu/cas/proxyValidate
      CASCertificatePath  /etc/ssl/certs
      CASIdleTimeout 14400
      CASTimeout 14400
      

   8. Apache will now have to be restarted for the changes to take effect.

      service apache2 restart

   9. Clean up any source files. You can safely delete the directory with the mod_auth_cas source if you desire

Configuration

To configure mod_auth_cas to protect your site or a specific directory, you will add the following to your site’s VirtualHost:

AuthType CAS
require user abc12345

If you would like to specify that any user can log into a site, you would add the following:

AuthType CAS
require valid-user

Once you have your configuration setup, you will have to restart Apache to have changes take effect. This configuration can also be placed in .htaccess and will take effect without a restart of Apache.