Building and Installing on Mac OS X
From cosign wiki
Contents |
Overview
This page will guide you through building and installing Cosign on Mac OS X. For additional notes regarding an installation on Mac OS X Server, please see Leopard Server Install.
Building and Installing
Requirements
You will need to have the current Xcode Tools installed. Download them from Apple's developer site or the Mac App Store. These notes also assume you have Apache 1.x or Apache2 installed. Recent Mac OS X releases include Apache2.
NOTE: if you haven't installed Xcode previously, be sure to run Xcode so it installs the components and agree to the license before continuing. Also, if you want to install all the parts without doing a lot of extra work, you will need to manually download and install the xCode command line tools from the Apple Developer site (at least for xCode 6.1.1 as of March 2015)
Get the Source
Download the latest release of Cosign from weblogin.org.
Configure the Build
In Terminal, decompress the archive and change to the Cosign source directory:
tar zxf cosign-VERSION.tar.gz cd cosign-VERSION
If building for Apache 1.x, use --enable-apache1=/path/to/apxs. If building for Apache2, use --enable-apache2=/path/to/apxs2. If building for Mac OS X Server, you'll probably want to add --enable-universal-binaries, which will give you four-architecture (i386, x86_64, ppc, and ppc64) binaries of the daemon, CGIs, and the Apache filters.
./configure --enable-apache2=/usr/sbin/apxs --enable-universal-binaries --enable-krb --with-gss
NOTE: For Mac OS X 10.7 Server and later, you can not build universal binaries, so the command would be:
./configure --enable-apache2=/usr/sbin/apxs --enable-krb --with-gss
NOTE: For Mac OS X 10.11 Server and later, System Integrity Protection is enabled by default so you can't write directly to /etc/apache2 -- even as root -- so the command should be something like :
./configure --enable-apache2=/usr/sbin/apxs --enable-krb --with-gss --prefix=/usr/local/cosign
Build the Apache Filter
make
NOTE 1: FOR OSX SERVER: xCode has an issue where a compiler path is missing. Before running "make", you will need to do this:
cd /Applications/Xcode.app/Contents/Developer/Toolchains
sudo ln -s XcodeDefault.xctoolchain OSX<OSVERSION>.xctoolchain (REPLACE <OSVERSION> with your operating system version!)
Example:
sudo ln -s XcodeDefault.xctoolchain OSX10.10.xctoolchain
NOTE 2: For systems running Apache 2.4 (Mac OS X 10.10) -- you must modify a file *BEFORE* running "make".
1) in your "cosign-<version>" directory, go to filters/apache2 (not filters/apache!)
2) Edit mod_cosign.c to replace *TWO* instances of "remote_ip" with "client_ip":
cv = cosign_cookie_valid( cfg, cookie, &rekey, &si, r->connection->remote_ip, r->server );
and
cv = cosign_cookie_valid( cfg, my_cookie, NULL, &si, r->connection->remote_ip, r->server );
NOTE 3: Running "make" at this point will generate a lot of "deprecated" warning messages on Mac OS X Server 10.7 and later -- these can be ignored when installing cosign 3.2.0 (as of August 2012)
Build All Weblogin Components (Optional)
If you intend to set up a weblogin environment, you'll need to build the daemon and CGIs:
sudo make everything
Install
sudo make install
or
sudo make install-all
if you're setting up a central weblogin server.
Create Support Directories
The cosign filter, [mod_cosign], by default stores service cookies in /var/cosign/filter. You can override the location of the service cookie directory using the [CosignFilterDB] directive, but the default location is fine for most uses. The directory must exist, and the Apache user, www, must be the owner of the directory:
sudo mkdir -p -m 0750 /var/cosign/filter sudo chown www:www /var/cosign/filter
Next Steps
At this point, you should have all the pieces in place. For instructions on configuring Cosign with Apache, please see these instructions. The Leopard Server Install, Lion Server Install, and Mountain Lion Server install notes (now updated for Yosemite server!), although focused on the University of Michigan's environment, should help get you up and running on Mac OS X Server. This page describes setting up a complete weblogin environment.
Questions and discussion are always welcomed on the cosign-discuss mailing list.