
This file contains the Windows-specific installation instructions. They
are based upon installing Apache 2.0.47 using the standard Apache MSI
file. 

See also:

http://httpd.apache.org/docs-2.0/platform/windows.html

For more windows-specific Apache information.

------------------------------------------------------------
NOTE: There is currently an Apache bug under Windows where
      stopping and/or restarting Apache causes a fatal exception.
 
     This happens when running Apache+mod_ssl (and no webauth code),
     and appears to be an Apache APR pool cleanup ordering issue.
     There are numerous bugs filed on this issue with the Apache Group.

------------------------------------------------------------



 0. Install Apache 2.0.47 using the Apache MSI file:

   apache_2.0.47-win32-x86-no_ssl.msi


 1. Extract the zip file

    extract the webauth-3.2.0.zip file into the same directory Apache was
    installed to, which by default is:

    C:\Program Files\Apache Group\Apache2\

    the zip file contains the following files:

        file                             origin of file
        ------------------               ------------------
	bin/saslGSSAPI.dll               Cyrus SASL
	bin/libsasl.dll                  Cyrus SASL
	bin/krb5.ini                     MIT K5 (Stanford krb5.conf)
	bin/gssapi32.dl                  MIT K5
	bin/comerr32.dll                 MIT K5
	bin/krb5_32.dll                  MIT K5
	bin/libcurl.dll                  cURL
	bin/libeay32.dll                 OpenSSL
	bin/ssleay32.dll                 OpenSSL
	bin/libwebauth.dll               WebAuth
	modules/mod_webauth.so           WebAuth
	modules/mod_webauthldap.so       WebAuth
	modules/mod_ssl.so               Apache mod_ssl
	conf/stanford-webauth.conf       WebAuth
	conf/stanford-ldap.conf          WebAuth
	conf/webauth-ssl.conf            WebAuth
	conf/webauth/ca-bundle.crt       cURL
 	conf/webauth/sasl.reg            WebAuth

    Note that stanford-webauth.conf is the standard stanford-webauth.conf
    file distributed with WebAuth with the following extra line added
    to it:

    # point to the cURL ca-bundle.crt file
    WebAuthWebKdcSSLCertFile conf/webauth/ca-bundle.crt

    This is needed for cURL to be able to locate it ca-bundle.crt file under
    windows.

    Also note that the user that Apache is running as will need to write
    access to the conf/webauth/ directory to create the
    service_token_cache, keyring, and (if using mod_webauthldap) the
    krb5cc_ldap ticket file(s).


 2. Set location of SASL plugins in the Registry

    Pick one of these three methods to update the registry so the SASL
    library can find the location of the GSSAPI plugin. This step
    can be skipped if you aren't going to run mod_webauthldap.

    a. manually using regedit

      Create the following key:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Carnegie Mellon\Project Cyrus\SASL Library]

      And add this key to it: 
   
      "SearchPath"="C:\\Program Files\\Apache Group\\Apache2\\bin"

    b. from the command line:

      cd "C:\Program Files\Apache Group\Apache2\conf\webauth"
      regedit /s sasl.reg


    c. from a file explorer window:

       navigate to "C:\Program Files\Apache Group\Apache2\conf\webauth"
       double-click on sasl.reg

 3. edit/update Apache conf files

  
    a. edit conf/httpd.conf 

       include stanford-webauth.conf and stanford-ldap.conf:

       Include conf/stanford-webauth.conf
       Include conf/stanford-ldap.conf

       If you aren't going to run mod_webauthldap, then don't include
       stanford-ldap.conf.


       Also, uncomment the LoadModule line for mod_ssl.so:

       LoadModule ssl_module modules/mod_ssl.so

    b. edit conf/ssl.conf

       If you have an existing conf/ssl.conf file then do the following:

       Comment out <IfDefine SSL> and </IfDefine> so SSL is always started

       #<IfDefine SSL>
       ...
       #</IfDefine>

       change SSLMutex to be "default" if it isn't already:

 
       SSLMutex default

       Also update SSLCertificateFile and SSLCertificateKeyFile if need
       be after installing your certificate file and key.

       If you don't have an existing ssl.conf file (you won't if you just
       installed Apache), then copy conf/webauth-ssl.conf to ssl.conf:

       copy conf\webauth-ssl.conf conf\ssl.conf


  4. See the WebAuth installation guide for further instructions on
     installing a keytab and getting an SSL certificate:

     <http://webauthv3.stanford.edu/install.html>


     NOTE: leland_srvtab is only available from a UNIX system, so 
           the keytab file needs to be generated from there
           and securely transferred to your Windows system. 

  5. version information

     At the time everything was built, these are the versions
     that were used:

     Apache 2.0.47  
     cURL 7.10.6
     Cyrus SASL 2.1.15
     OpenLDAP 2.1.22 (statically linked in mod_webauthldap.so)
     OpenSSL 0.9.7b
     MIT KRB5 1.2.8
     WebAuth 3.2.0
