|Applies To||RSA ACE/Agent for Web (Apache)|
The versions of Apache Web Server and associated modules used in this solution are currently unsupported by RSA Security. They have been smoke tested, and were able to successfully perform authentication. These versions have not been certified through QA, and do not currently have the promise of Engineering resources to overcome technical issues involving bugs, should such issues arise. -- April 09, 2002
|Issue||Rapid Deployment Procedures for ACE/Apache Web Agent On Linux (including complete Apache Server Installation)|
Protect Apache Web Server 1.3.24 with ACE authentication
|Resolution||1. Download and copy the required packages to a common directory|
2. Extract the required packages:
$ gzip -d -c apache_1.3.24.tar.gz | tar xvf -
$ gzip -d -c mod_ssl-2.8.x-1.3.24.tar.gz | tar xvf -
$ gzip -d -c openssl-0.9.6c.tar.gz | tar xvf -
3. Install OpenSSL:
$ make test
$ make install
4. Install mod_ssl:
$ cd mod_ssl-2.8.x-1.3.24
$ ./configure \
$ cd ..
$ cd apache_1.3.24
5. Install the Apache 1.3 HTTP server with APACI:
$ ./configure --prefix=/usr/local/apache \
$ make certificate
$ make install
6. Install the ACE/Agent 5.0 for Apache Web
Add a VAR_ACE environment variable to your Web server configuration file (/usr/local/apache/conf/httpd.conf) so that it is set whenever the Web server runs. This environment variable identifies the location of the sdconf.rec file (e.g. setenv VAR_ACE /var/ace).
Copy the sdconf.rec file to the defined $VAR_ACE directory
cd to the Agent directory
Accept the defaults
$ /usr/local/apache/bin/apachectl startssl
Enter the following URL into a Web browser: http://SERVERNAME/
You should now be prompted for authentication
If you are NOT challenged, try the following:
$ cd /usr/local/apache/rsawebagent/
This will bring up an authentication test client. If this fails to authenticate, troubleshoot for generic authentication issues. Run an ACE/Log Monitor on the ACE/Server and authenticate again.
If the first authentication was successful but subsequent authentications fail:
Change the group relationship of /var/ace to other with:
chgrp other /var/ace
In database administration on the ACE/Server under Agent Host, Edit Agent host, uncheck the Node Secret Sent checkbox. Then authenticate successfully two more times.
This will display configuration information contained in the sdconf.rec file. Make sure that the information is correct and the hostnames and addresses are resolvable as displayed.
If all authentications fail, try running:
Add the Web Server as a specific identity, then try disabling protection for all but one resource. Then reboot the Web Server's Operating System.
Test access to an unprotected URL
Test access to a protected URL
Check the httpd.conf file - the end should read as follows:
setenv VAR_ACE /var/ace
|###### WARNING: DO NOT EDIT THIS BLOCK. ANYTHING ADDED WILL BE REMOVED BY
|###### THE NEXT INSTALLATION OF RSA WEB AGENT
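One way to check the step 6 settings before restarting Apache, as an added example that is not part of the RSA article or the Web Agent: it reads the `setenv VAR_ACE` line from httpd.conf and confirms that sdconf.rec is present in that directory. The function names and return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check the VAR_ACE setup described in step 6.
# var_ace_dir, check_var_ace and the return codes are hypothetical names
# chosen for this example; they are not part of the RSA Web Agent.

# Print the directory named by the last "setenv VAR_ACE <dir>" line.
# Apache directive names are case-insensitive, so setenv/SetEnv both match;
# commented-out lines do not match because their first field starts with '#'.
var_ace_dir() {
    awk 'tolower($1) == "setenv" && $2 == "VAR_ACE" { gsub(/"/, "", $3); dir = $3 }
         END { if (dir != "") print dir }' "$1"
}

# Return codes: 0 = consistent, 1 = no VAR_ACE line, 2 = directory missing,
# 3 = sdconf.rec missing or unreadable, 4 = httpd.conf unreadable.
check_var_ace() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"
        return 4
    fi
    dir=$(var_ace_dir "$conf")
    if [ -z "$dir" ]; then
        echo "FAIL: no 'setenv VAR_ACE' line in $conf"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "FAIL: VAR_ACE directory $dir does not exist"
        return 2
    fi
    if [ ! -r "$dir/sdconf.rec" ]; then
        echo "FAIL: $dir/sdconf.rec is missing or unreadable"
        return 3
    fi
    # Show owner, group and mode so they can be compared with the
    # chgrp troubleshooting step for /var/ace.
    ls -ld "$dir"
    echo "OK: VAR_ACE=$dir and sdconf.rec is present"
}
```

Run `check_var_ace /usr/local/apache/conf/httpd.conf` as the account the Apache child processes run under, so that the readability test reflects what the Web Agent will see.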
$ cd /usr/local/apache/rsawebagent
Displays the server information in sdconf.rec; verify that the values are correct and resolvable
Provides test authentication functionality
Run this and add the Web Server as a specific server
Try disabling authentication for all resources but a single page. Then test access unauthenticated; if that succeeds, test authenticated.
Try rebooting the Web Server if you still have an issue.
|Legacy Article ID||a10056|