Google Authenticator加强apache安全

https://code.google.com/p/google-authenticator-apache-module/downloads/list

<a href="https://www.361way.com/wp-content/uploads/2013/01/google-auth-for-apache.png"><img src="https://www.361way.com/wp-content/uploads/2013/01/google-auth-for-apache.png" alt="google-auth-for-apache" width="534" height="104" class="aligncenter size-full wp-image-2193" /></a>


[root@localhost tmp]# tar jxvf GoogleAuthApacheModule_v01.bz2
google-authenticator-apache-module/base32.c
google-authenticator-apache-module/base32.h
google-authenticator-apache-module/googleauth.conf
google-authenticator-apache-module/hmac.c
google-authenticator-apache-module/hmac.h
google-authenticator-apache-module/Makefile
google-authenticator-apache-module/mod_authn_google.c
google-authenticator-apache-module/README
google-authenticator-apache-module/sha1.c
google-authenticator-apache-module/sha1.h
[root@localhost tmp]# cd google-authenticator-apache-module/
[root@localhost google-authenticator-apache-module]# ll

-rw-r--r-- 1 www www  2477 2011-04-30 base32.c
-rw-r--r-- 1 www www  1391 2011-04-30 base32.h
-rw-r--r-- 1 www www  1655 2011-04-30 googleauth.conf
-rw-r--r-- 1 www www  2495 2011-04-30 hmac.c
-rw-r--r-- 1 www www   919 2011-04-30 hmac.h
-rw-r--r-- 1 www www   287 2011-04-30 Makefile
-rw-r--r-- 1 www www 15370 2011-04-30 mod_authn_google.c   //注意该文件一定要先替换掉。
-rw-r--r-- 1 www www  1478 2011-04-30 README
-rw-r--r-- 1 www www 10966 2011-04-30 sha1.c
-rw-r--r-- 1 www www  1195 2011-04-30 sha1.h
[root@localhost google-authenticator-apache-module]# make &&make install

make install 安装完成后，可能会出现一个报错，内容如下：

sudo cp .libs/mod_authn_google.so /usr/local/apache2/modules/
cp: 无法创建一般文件“/usr/local/apache2/modules/”: 没有那个文件或目录
make: *** [install] 错误 1

apxs -i -a -n authn_google mod_authn_google.so

-i 安装

-a 自动添加 LoadModule 语句，方便加载

-n authn_google 安装后模块的名字

mod_authn_google.so 刚才下载得到的模块的文件名

cp .libs/mod_authn_google.so /etc/httpd/modules/

LoadModule authn_google_module /usr/local/apache2/modules/mod_authn_google.so

Alias /testlink "/var/www/html/testlink"

Options FollowSymLinks Indexes ExecCGI
AllowOverride All   # 允许每个目录下通过 .htaccess 覆盖这里的全局设置
Order deny,allow
Allow from all
AuthType Basic
AuthName "Secret"   # 弹出窗口的提示信息
AuthBasicProvider "google_authenticator"
Require valid-user
GoogleAuthUserPath /tmp/googletest  # 保存认证信息的目录
GoogleAuthCookieLife 3600  # Cookies 有效时间，这段时间内不用再输密码，单位为秒
GoogleAuthEntryWindow 2   # 当时间不同步时，允许有这样的正负误差。以 30s 为单位


cp ~/.google_authenticator  /tmp/googletest/361way
chmod 640 361way //避免其他用户修改该文件的内容
chown root:apache 361way  //让apache用户组具有读取该文件的权限

[root@localhost modules]# /etc/init.d/httpd restart

Cookie in header: "(null)"
**** PW AUTH at  T=1357464913  user  "aaa"
(2)No such file or directory: check_password: Could not open password file: /tmp/googletest/(null)
user aa: authentication failure for "/testlink/": Password Mismatch

bug修复后的验证日志也在apache的error_log日志中，access日志中不会记录 。具体如下：

**** COOKIE AUTH at  T=1357464923
Cookie in header: "google_authn=361way:1357468521:2a26GUrnKDk8+Zp8wD37jGa3+5A=:"
Found cookie Expires "1357468521" Valid "2a26GUrnKDk8+Zp8wD37jGa3+5A="
Match cookie "2a26GUrnKDk8+Zp8wD37jGa3+5A=" vs  "2a26GUrnKDk8+Zp8wD37jGa3+5A="
User 361way auth granted from cookie
Created cookie expires 1357469123 (time = 3600) hash is AoVthaJtnVbRSy3TjwpuHdhoawI= Cookie: google_authn=361way:1357469123:AoVthaJtnVbRSy3TjwpuHdhoawI=:

https://wzyboy.im/post/869.html  （ubuntu的安装步骤）

https://code.google.com/p/google-authenticator-apache-module/issues/detail?id=3 （该模块的wiki页面）

《Google Authenticator加强apache安全》有17条评论

1. You actually make it seem so easy with your presentation but I find this topic to be really something that I think I would never understand. It seems too complicated and extremely broad for me. I am looking forward for your next post, I’ll try to get the hang of it!

2. I like the helpful info you supply on your articles. I’ll bookmark your blog and take a look at again right here frequently. I am rather certain I’ll learn a lot of new stuff right here! Best of luck for the following!

3. I’m curious to find out what blog system you have been working with? I’m having some minor security problems with my latest website and I’d like to find something more safeguarded. Do you have any suggestions?

1. admin说道：

wordpress

4. Hi, I think your website might be having browser compatibility issues. When I look at your website in Safari, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, superb blog!

5. Excellent way of describing, and good post to obtain data concerning my presentation focus, which i am going to present in university.

6. Hi my loved one! I want to say that this article is awesome, nice written and include approximately all vital infos. I’d like to peer more posts like this .

7. These are actually impressive ideas in regarding blogging. You have touched some fastidious points here. Any way keep up wrinting.

8. Ervin说道：

Every weekend i used to pay a quick visit this site, as i want enjoyment, for the reason that this this web site conations in fact fastidious funny material too.

9. What’s up to every single one, it’s in fact a nice for me to go to see this web site, it contains priceless Information.

10. First of all I want to say wonderful blog! I had a quick question which I’d like to ask if you don’t mind.
I was interested to find out how you center yourself and clear your thoughts prior to writing.
I’ve had a difficult time clearing my mind in getting my ideas out there. I do take pleasure in writing however it just seems like the first 10 to 15 minutes are generally lost simply just trying to figure out how to begin. Any recommendations or tips? Many thanks!

11. Good post! We are linking to this particularly great post on our website. Keep up the good writing.

12. I’m not sure where you’re getting your info, but good topic. I needs to spend some time learning more or understanding more. Thanks for great information I was looking for this info for my mission.

13. Hi there very nice web site!! Guy .. Beautiful .. Wonderful .. I will bookmark your web site and take the feeds also? I am glad to seek out numerous useful information right here in the submit, we need work out extra strategies on this regard, thanks for sharing. . . . . .

14. Hello! I could have sworn I’ve been to this website before but after reading through some of the post I realized it’s new to me. Anyhow, I’m definitely delighted I found it and I’ll be book-marking and checking back frequently!

15. I seriously love your website.. Very nice colors & theme. Did you make this web site yourself? Please reply back as I’m planning to create my very own blog and would like to learn where you got this from or just what the theme is called. Many thanks!|

1. admin说道：

yes ,i doing it by myself . the theme callld inove_white , but i change something of this theme.