Installing WebAuth on Windows
This file contains the Windows-specific installation instructions. They are based upon installing Apache 2.0.47 using the standard Apache MSI file.
You should also read the Apache for Windows page.
NOTE: This port is unsupported. It is provided on an as-is basis in the hope that people will find it useful, and for Windows users to experiment with. We welcome feedback and contributions, but the Windows port is currently a low priority and we cannot provide installation help beyond the documentation. If you find this port useful and feel that we should fully support it, please let us know; if enough people request support, we may be able to find resources to do so.
WARNING: There is currently an Apache bug under Windows where stopping and/or restarting Apache causes a fatal exception. This happens when running Apache+mod_ssl (and no WebAuth code), and appears to be an Apache APR pool cleanup ordering issue. There are numerous bugs filed on this issue with the Apache Group.
Install Apache 2.0.47 using the Apache MSI file:
apache_2.0.47-win32-x86-no_ssl.msi
Download the Windows binaries and extract the webauth-3.2.0.zip file into the same directory Apache was installed to, which by default is:
C:\Program Files\Apache Group\Apache2\
The .zip file contains the following files:
file origin of file ------------------ ------------------ bin/saslGSSAPI.dll Cyrus SASL bin/libsasl.dll Cyrus SASL bin/krb5.ini MIT K5 (Stanford krb5.conf) bin/gssapi32.dl MIT K5 bin/comerr32.dll MIT K5 bin/krb5_32.dll MIT K5 bin/libcurl.dll cURL bin/libeay32.dll OpenSSL bin/ssleay32.dll OpenSSL bin/libwebauth.dll WebAuth modules/mod_webauth.so WebAuth modules/mod_webauthldap.so WebAuth modules/mod_ssl.so Apache mod_ssl conf/stanford-webauth.conf WebAuth conf/stanford-ldap.conf WebAuth conf/webauth-ssl.conf WebAuth conf/webauth/ca-bundle.crt cURL conf/webauth/sasl.reg WebAuthNote that stanford-webauth.conf is the standard stanford-webauth.conf file distributed with WebAuth with the following extra line added to it:
# point to the cURL ca-bundle.crt file WebAuthWebKdcSSLCertFile conf/webauth/ca-bundle.crtThis is needed for cURL to be able to locate it ca-bundle.crt file under Windows.
Also note that the user that Apache is running as will need to write access to the conf/webauth/ directory to create the service_token_cache, keyring, and (if using mod_webauthldap) the krb5cc_ldap ticket file(s).
Set location of SASL plugins in the Registry.
Pick one of these three methods to update the registry so the SASL library can find the location of the GSSAPI plugin. This step can be skipped if you aren't going to run mod_webauthldap.
Manually using regedit. Create the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Carnegie Mellon\Project Cyrus\SASL Library]
and add this key to it:
"SearchPath"="C:\\Program Files\\Apache Group\\Apache2\\bin"
From the command line, run:
cd "C:\Program Files\Apache Group\Apache2\conf\webauth" regedit /s sasl.regFrom a File Explorer window, navigate to:
C:\Program Files\Apache Group\Apache2\conf\webauth
and double-click on sasl.reg.
Edit and/or update the Apache configuration files.
Edit conf/httpd.conf to include stanford-webauth.conf and stanford-ldap.conf by adding the lines:
Include conf/stanford-webauth.conf Include conf/stanford-ldap.confIf you aren't going to run mod_webauthldap, then don't include stanford-ldap.conf.
Also, uncommong the LoadModule line for mod_ssl.so:
LoadModule ssl_module modules/mod_ssl.so
Edit conf/ssl.conf. If you have an existing conf/ssl.conf, then do the following: Comment out <IfDefine SSL> and </IfDefine> so that SSL is always started:
#<IfDefine SSL> ... #</IfDefine>
Change SSLMutex to be "default" if it isn't already:
SSLMutex default
Also update SSLCertificateFile and SSLCertificateKeyFile if need be after installing your certificate file and key.
If you don't have an existing ssl.conf file (you won't if you've just installed Apache), copy conf/webauth-ssl.conf to ssl.conf:
copy conf\webauth-ssl.conf conf\ssl.conf
See the WebAuth installation guide for further instructions on installing a keytab and getting an SSL certificate.
NOTE: leland_srvtab is only available from a Unix system, so for Stanford users, the keytab file needs to be generated from there and securely transferred to your Windows system.
Here is the version information for what is included in this package:
Apache 2.0.47
cURL 7.10.6
Cyrus SASL 2.1.15
OpenLDAP 2.1.22 (statically linked in mod_webauthldap.so)
OpenSSL 0.9.7b
MIT KRB5 1.2.8
WebAuth 3.2.0
