Loading ...
Sorry, an error occurred while loading the content.

Re: [Fwd: AuthenNTLM and slow web server]

Expand Messages
  • Stefano Ciancio
    Hi, I have seen better the log and the error in apache s error.log was about some gif that the web server not found. But the big problem with this module is
    Message 1 of 27 , Oct 31, 2003
    • 0 Attachment
      Hi,

      I have seen better the log and the error in apache's error.log was about some
      gif that the web server not found.
      But the big problem with this module is that seem for each object it require an
      authentication from pdc/bdc. This behaviour causes the web server to go _very_
      slow. The user must wait ten of seconds to load a single web page.

      I want use this module to obtain a single sign on in the Intranet of my company
      that have thousands of users in some trusted NT pdc/bdc.
      Do you think that this module could working fine? Exists some other mechanism to
      obtain the single sign on with ntlm?

      Thanks
      Stefano

      P.S. this is the first version of AuthentNTLM that I have tried.

      On Fri, 31 Oct 2003 08:41:39 -0600
      Shannon Eric Peevey <speeves@...> wrote:

      > Shannon Eric Peevey wrote:
      >
      > >
      > >
      > > -------- Original Message --------
      > > Subject: AuthenNTLM and slow web server
      > > Date: Thu, 30 Oct 2003 17:59:49 +0100
      > > From: Stefano Ciancio <s.ciancio@...>
      > > Organization: Italia On Line
      > > To: speeves@...
      > >
      > >
      > >
      > > Hi,
      > >
      > > I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3,
      > > but I am
      > > having some problem with it.
      > >
      > > I view some time_wait session to windows pdc and many error in apache's
      > > error.log.
      > > Moreover this also seems to cause the web server to go _very_ slow.
      > >
      > > My httpd.conf configuration is standard
      > > <Location />
      > > PerlAuthenHandler Apache::AuthenNTLM AuthType ntlm,basic
      > > AuthName test
      > > require valid-user
      > >
      > > PerlAddVar ntdomain "name_domain1 name_of_pdc1"
      > > PerlAddVar ntdomain "other_domain pdc_for_domain
      > > bdc_for_domain"
      > >
      > > PerlSetVar defaultdomain wingr1
      > > PerlSetVar ntlmdebug 0
      > > </Location>
      > >
      > > with keepAlive setted to On.
      > >
      > > Have you an an idea why this is happening?
      > >
      > > Thanks,
      > > Stefano
      > >
      > Hi!
      >
      > Can you set "ntlmdebug" = 2 and send me the sections of the error_log
      > that you are talking about?
      >
      > thanks,
      > speeves
      > cws
      >
      > BTW, did you have this working correctly with any other version
      > Apache-AuthenNTLM?
      >
    • Leo Lapworth
      ... We are working on something similar at the moment, we are planning on creating a wrapper module which checks for a cookie, if that is not set then it used
      Message 2 of 27 , Nov 1, 2003
      • 0 Attachment
        On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
        > But the big problem with this module is that seem for each object it require an
        > authentication from pdc/bdc. This behaviour causes the web server to go _very_
        > slow. The user must wait ten of seconds to load a single web page.

        We are working on something similar at the moment, we are planning
        on creating a wrapper module which checks for a cookie, if that is
        not set then it used AuthenNTML and sets the cookie (just for
        the browser session), but if it is set we know that the user
        has been authenticated and therefor only have to check authentication
        once per user per session.

        Once we get it working I'll post it on the net somewhere and
        a message here.

        Leo
      • Michael Parker
        ... It s fairly easy to knock a PDC/BDC over if you throw enough authentication requests at it. The key is to do everything possible to limit the number of
        Message 3 of 27 , Nov 2, 2003
        • 0 Attachment
          On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
          >
          > Hi,
          >
          > I have seen better the log and the error in apache's error.log was about some
          > gif that the web server not found.
          > But the big problem with this module is that seem for each object it require an
          > authentication from pdc/bdc. This behaviour causes the web server to go _very_
          > slow. The user must wait ten of seconds to load a single web page.
          >
          > I want use this module to obtain a single sign on in the Intranet of my company
          > that have thousands of users in some trusted NT pdc/bdc.
          > Do you think that this module could working fine? Exists some other mechanism to
          > obtain the single sign on with ntlm?
          >

          It's fairly easy to knock a PDC/BDC over if you throw enough
          authentication requests at it. The key is to do everything possible
          to limit the number of authentication requests it has to make.
          Someone mentioned using cookies, which is one way. There have been
          several discussed over the years on this list. You should check the
          archives to give you some ideas on how to solve the problem. I found
          the most success using one of the authentication caching modules.

          Michael
        • Stefano Ciancio
          Hi Shannon Eric, I have set ntlmdebug = 2 and produced an error.log that I have attached. It seems that the error is: [9100] AuthenNTLM: Authorization Header
          Message 4 of 27 , Nov 3, 2003
          • 0 Attachment
            Hi Shannon Eric,

            I have set "ntlmdebug" = 2 and produced an error.log that I have attached.

            It seems that the error is:

            [9100] AuthenNTLM: Authorization Header <not given>

            I don't know its means ...

            Can you help me?

            Stefano



            On Fri, 31 Oct 2003 08:41:39 -0600
            Shannon Eric Peevey <speeves@...> wrote:

            > Shannon Eric Peevey wrote:
            >
            > >
            > >
            > > -------- Original Message --------
            > > Subject: AuthenNTLM and slow web server
            > > Date: Thu, 30 Oct 2003 17:59:49 +0100
            > > From: Stefano Ciancio <s.ciancio@...>
            > > Organization: Italia On Line
            > > To: speeves@...
            > >
            > >
            > >
            > > Hi,
            > >
            > > I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3,
            > > but I am
            > > having some problem with it.
            > >
            > > I view some time_wait session to windows pdc and many error in apache's
            > > error.log.
            > > Moreover this also seems to cause the web server to go _very_ slow.
            > >
            > > My httpd.conf configuration is standard
            > > <Location />
            > > PerlAuthenHandler Apache::AuthenNTLM AuthType ntlm,basic
            > > AuthName test
            > > require valid-user
            > >
            > > PerlAddVar ntdomain "name_domain1 name_of_pdc1"
            > > PerlAddVar ntdomain "other_domain pdc_for_domain
            > > bdc_for_domain"
            > >
            > > PerlSetVar defaultdomain wingr1
            > > PerlSetVar ntlmdebug 0
            > > </Location>
            > >
            > > with keepAlive setted to On.
            > >
            > > Have you an an idea why this is happening?
            > >
            > > Thanks,
            > > Stefano
            > >
            > Hi!
            >
            > Can you set "ntlmdebug" = 2 and send me the sections of the error_log
            > that you are talking about?
            >
            > thanks,
            > speeves
            > cws
            >
            > BTW, did you have this working correctly with any other version
            > Apache-AuthenNTLM?
          • Shannon Eric Peevey
            ... Are you creating something along the lines of a: Apache-AuthCookieNTML ? It seems that a lot of these questions would be resolved by a module that would
            Message 5 of 27 , Nov 3, 2003
            • 0 Attachment
              Leo Lapworth wrote:

              >On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
              >
              >
              >>But the big problem with this module is that seem for each object it require an
              >>authentication from pdc/bdc. This behaviour causes the web server to go _very_
              >>slow. The user must wait ten of seconds to load a single web page.
              >>
              >>
              >
              >We are working on something similar at the moment, we are planning
              >on creating a wrapper module which checks for a cookie, if that is
              >not set then it used AuthenNTML and sets the cookie (just for
              >the browser session), but if it is set we know that the user
              >has been authenticated and therefor only have to check authentication
              >once per user per session.
              >
              >Once we get it working I'll post it on the net somewhere and
              >a message here.
              >
              >Leo
              >
              >
              Are you creating something along the lines of a:

              Apache-AuthCookieNTML ?

              It seems that a lot of these questions would be resolved by a module
              that would check for a cookie first, and then throw the auth box when
              the user hasn't been authenticated. Then you could just continue to
              check for a cookie, instead of querying the samba server for every
              image, etc. on the page.

              Could I recommend writing this module, (instead of a work-around piece
              of code)? I think that an Apache-AuthCookieNTLM would benefit a lot of
              people.

              If no one is up to it, let me know and I will start working on one when
              I have the time.

              thanks,
              speeves
              cws


              --
              Reporting bugs: http://perl.apache.org/bugs/
              Mail list info: http://perl.apache.org/maillist/modperl.html
            • Shannon Eric Peevey
              ... Hi! I m sorry, but I have become foggy on the problem here... Are you talking about problems logging in, or web server performance? [9100] AuthenNTLM:
              Message 6 of 27 , Nov 3, 2003
              • 0 Attachment
                Stefano Ciancio wrote:

                >Hi Shannon Eric,
                >
                >I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
                >
                >It seems that the error is:
                >
                >[9100] AuthenNTLM: Authorization Header <not given>
                >
                >I don't know its means ...
                >
                >Can you help me?
                >
                > Stefano
                >
                >
                >
                >
                Hi!

                I'm sorry, but I have become foggy on the problem here... Are you
                talking about problems logging in, or web server performance?

                [9100] AuthenNTLM: Authorization Header <not given>

                This is telling us that the browser is not including an "Authorization" header, which is normal on the initial request from the browser. (The server throws a 401 Authorization Required, which tells the browser that it needs to include an Authorization header.

                There is no error here.

                speeves
                cws




                --
                Reporting bugs: http://perl.apache.org/bugs/
                Mail list info: http://perl.apache.org/maillist/modperl.html
              • Shannon Eric Peevey
                ... Unfortunately, I don t use this module in a production environment, so cannot comment here. Is anyone else seeing this in a live environment? ... I don t
                Message 7 of 27 , Nov 3, 2003
                • 0 Attachment
                  Stefano Ciancio wrote:

                  >Hi,
                  >
                  >I have seen better the log and the error in apache's error.log was about some
                  >gif that the web server not found.
                  >But the big problem with this module is that seem for each object it require an
                  >authentication from pdc/bdc. This behaviour causes the web server to go _very_
                  >slow. The user must wait ten of seconds to load a single web page.
                  >
                  Unfortunately, I don't use this module in a production environment, so
                  cannot comment here. Is anyone else seeing this in a live environment?

                  >
                  >I want use this module to obtain a single sign on in the Intranet of my company
                  >that have thousands of users in some trusted NT pdc/bdc.
                  >Do you think that this module could working fine?
                  >
                  I don't really think that this module was created with this purpose in
                  mind.

                  >Exists some other mechanism to
                  >obtain the single sign on with ntlm?
                  >
                  >
                  Check out my message to Mr. Lapworth at:

                  http://marc.theaimsgroup.com/?l=apache-modperl&m=106788287330640&w=2

                  If he doesn't have the time to create this module, maybe one of you
                  will? If not, I can put it on my to-do list, and could probably have
                  something by late January...

                  speeves
                  cws



                  --
                  Reporting bugs: http://perl.apache.org/bugs/
                  Mail list info: http://perl.apache.org/maillist/modperl.html
                • Leo Lapworth
                  ... This is the general plan - we ve just got Apache::AuthNTML working properly, so going to work on Apache::AuthCookieNTML this week, I ll report back when
                  Message 8 of 27 , Nov 4, 2003
                  • 0 Attachment
                    On Mon, Nov 03, 2003 at 11:55:28AM -0600, Shannon Eric Peevey wrote:
                    > Are you creating something along the lines of a:
                    >
                    > Apache-AuthCookieNTML ?
                    >
                    > It seems that a lot of these questions would be resolved by a module
                    > that would check for a cookie first, and then throw the auth box when
                    > the user hasn't been authenticated.

                    This is the general plan - we've just got Apache::AuthNTML working
                    properly, so going to work on Apache::AuthCookieNTML this week,
                    I'll report back when we've got something up and running.

                    Cheers

                    Leo

                    --
                    Reporting bugs: http://perl.apache.org/bugs/
                    Mail list info: http://perl.apache.org/maillist/modperl.html
                  • Stefano Ciancio
                    On Mon, 03 Nov 2003 15:39:14 -0600 ... Yes, have you right!! My problem is about web server performance and I thought that it depended from some error of the
                    Message 9 of 27 , Nov 4, 2003
                    • 0 Attachment
                      On Mon, 03 Nov 2003 15:39:14 -0600
                      Shannon Eric Peevey <speeves@...> wrote:

                      > Stefano Ciancio wrote:
                      >
                      > >Hi Shannon Eric,
                      > >
                      > >I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
                      > >
                      > >It seems that the error is:
                      > >
                      > >[9100] AuthenNTLM: Authorization Header <not given>
                      > >
                      > >I don't know its means ...
                      > >
                      > >Can you help me?
                      > >
                      > > Stefano
                      > >
                      > >
                      > >
                      > >
                      > Hi!
                      >
                      > I'm sorry, but I have become foggy on the problem here... Are you
                      > talking about problems logging in, or web server performance?
                      >
                      > [9100] AuthenNTLM: Authorization Header <not given>
                      >
                      > This is telling us that the browser is not including an "Authorization"
                      > header, which is normal on the initial request from the browser. (The server
                      > throws a 401 Authorization Required, which tells the browser that it needs to
                      > include an Authorization header.
                      >
                      > There is no error here.
                      >
                      > speeves
                      > cws
                      >

                      Yes, have you right!! My problem is about web server performance and I thought
                      that it depended from some error of the module.


                      Stefano


                      --
                      Reporting bugs: http://perl.apache.org/bugs/
                      Mail list info: http://perl.apache.org/maillist/modperl.html
                    • Shannon Eric Peevey
                      ... Great!! Keep us posted, and don t forget to request a PAUSE account on CPAN so that you can upload your module there :) speeves cws PS Sorry bout the typo
                      Message 10 of 27 , Nov 4, 2003
                      • 0 Attachment
                        Leo Lapworth wrote:

                        >On Mon, Nov 03, 2003 at 11:55:28AM -0600, Shannon Eric Peevey wrote:
                        >
                        >
                        >>Are you creating something along the lines of a:
                        >>
                        >>Apache-AuthCookieNTML ?
                        >>
                        >>It seems that a lot of these questions would be resolved by a module
                        >>that would check for a cookie first, and then throw the auth box when
                        >>the user hasn't been authenticated.
                        >>
                        >>
                        >
                        >This is the general plan - we've just got Apache::AuthNTML working
                        >properly, so going to work on Apache::AuthCookieNTML this week,
                        >I'll report back when we've got something up and running.
                        >
                        >Cheers
                        >
                        >Leo
                        >
                        >
                        Great!! Keep us posted, and don't forget to request a PAUSE account on
                        CPAN so that you can upload your module there :)

                        speeves
                        cws

                        PS Sorry bout the typo in the previous message :P It's really
                        Apache-AuthCookieNTLM...


                        --
                        Reporting bugs: http://perl.apache.org/bugs/
                        Mail list info: http://perl.apache.org/maillist/modperl.html
                      • Shannon Eric Peevey
                        ... I don t think that you are getting any errors in what I see( on your end). So I guess my question still stands, is anyone else seeing slow performance in
                        Message 11 of 27 , Nov 4, 2003
                        • 0 Attachment
                          Stefano Ciancio wrote:

                          >On Mon, 03 Nov 2003 15:39:14 -0600
                          >Shannon Eric Peevey <speeves@...> wrote:
                          >
                          >
                          >
                          >>Stefano Ciancio wrote:
                          >>
                          >>
                          >>
                          >>>Hi Shannon Eric,
                          >>>
                          >>>I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
                          >>>
                          >>>It seems that the error is:
                          >>>
                          >>>[9100] AuthenNTLM: Authorization Header <not given>
                          >>>
                          >>>I don't know its means ...
                          >>>
                          >>>Can you help me?
                          >>>
                          >>> Stefano
                          >>>
                          >>>
                          >>>
                          >>>
                          >>>
                          >>>
                          >>Hi!
                          >>
                          >>I'm sorry, but I have become foggy on the problem here... Are you
                          >>talking about problems logging in, or web server performance?
                          >>
                          >>[9100] AuthenNTLM: Authorization Header <not given>
                          >>
                          >>This is telling us that the browser is not including an "Authorization"
                          >>header, which is normal on the initial request from the browser. (The server
                          >>throws a 401 Authorization Required, which tells the browser that it needs to
                          >>include an Authorization header.
                          >>
                          >>There is no error here.
                          >>
                          >>speeves
                          >>cws
                          >>
                          >>
                          >>
                          >
                          >Yes, have you right!! My problem is about web server performance and I thought
                          >that it depended from some error of the module.
                          >
                          >
                          > Stefano
                          >
                          >
                          I don't think that you are getting any errors in what I see( on your
                          end). So I guess my question still stands, is anyone else seeing slow
                          performance in a production site with this module?

                          BTW, I don't see the module asking for authorization for every object,
                          only when the client asks for something in a new directory. (It's a
                          little hard to tell from the debug log if the calls to the samba server
                          are made for every object, I need a little more time to follow its logic
                          through. But, on the client side, I am not seeing the 401 returned for
                          every object.)

                          thanks,
                          speeves
                          cws


                          --
                          Reporting bugs: http://perl.apache.org/bugs/
                          Mail list info: http://perl.apache.org/maillist/modperl.html
                        • Shannon Eric Peevey
                          ... Hi! I think that is probably a great idea. I don t have time to add it in now, but if you send me a patch, I will be happy to add it into the next
                          Message 12 of 27 , Nov 4, 2003
                          • 0 Attachment
                            Enrico Sorcinelli wrote:

                            >On Tue, 04 Nov 2003 09:13:34 -0600
                            >Shannon Eric Peevey <speeves@...> wrote:
                            >
                            >
                            >
                            >
                            >>BTW, I don't see the module asking for authorization for every object,
                            >>only when the client asks for something in a new directory. (It's a
                            >>little hard to tell from the debug log if the calls to the samba server
                            >>are made for every object, I need a little more time to follow its logic
                            >>through. But, on the client side, I am not seeing the 401 returned for
                            >>every object.)
                            >>
                            >>
                            >
                            >How about improving the module by adding some caching mechanism for
                            >authenticated users?
                            >Moreover it could be nice to control it with PerlSetVar directives
                            >(ttl and so on)
                            >
                            >by
                            >
                            > - Enrico
                            >
                            >
                            Hi!

                            I think that is probably a great idea. I don't have time to add it in
                            now, but if you send me a patch, I will be happy to add it into the next
                            release.

                            thanks,
                            speeves
                            cws


                            --
                            Reporting bugs: http://perl.apache.org/bugs/
                            Mail list info: http://perl.apache.org/maillist/modperl.html
                          • Enrico Sorcinelli
                            On Tue, 04 Nov 2003 09:13:34 -0600 ... How about improving the module by adding some caching mechanism for authenticated users? Moreover it could be nice to
                            Message 13 of 27 , Nov 4, 2003
                            • 0 Attachment
                              On Tue, 04 Nov 2003 09:13:34 -0600
                              Shannon Eric Peevey <speeves@...> wrote:


                              > BTW, I don't see the module asking for authorization for every object,
                              > only when the client asks for something in a new directory. (It's a
                              > little hard to tell from the debug log if the calls to the samba server
                              > are made for every object, I need a little more time to follow its logic
                              > through. But, on the client side, I am not seeing the 401 returned for
                              > every object.)

                              How about improving the module by adding some caching mechanism for
                              authenticated users?
                              Moreover it could be nice to control it with PerlSetVar directives
                              (ttl and so on)

                              by

                              - Enrico

                              --
                              Reporting bugs: http://perl.apache.org/bugs/
                              Mail list info: http://perl.apache.org/maillist/modperl.html
                            • Shannon Eric Peevey
                              ... BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an example on how to only call AuthenNTLM if a precondition is met... =head2 Example for
                              Message 14 of 27 , Nov 4, 2003
                              • 0 Attachment
                                Enrico Sorcinelli wrote:

                                >On Tue, 04 Nov 2003 09:13:34 -0600
                                >Shannon Eric Peevey <speeves@...> wrote:
                                >
                                >
                                >
                                >
                                >>BTW, I don't see the module asking for authorization for every object,
                                >>only when the client asks for something in a new directory. (It's a
                                >>little hard to tell from the debug log if the calls to the samba server
                                >>are made for every object, I need a little more time to follow its logic
                                >>through. But, on the client side, I am not seeing the 401 returned for
                                >>every object.)
                                >>
                                >>
                                >
                                >How about improving the module by adding some caching mechanism for
                                >authenticated users?
                                >Moreover it could be nice to control it with PerlSetVar directives
                                >(ttl and so on)
                                >
                                >by
                                >
                                > - Enrico
                                >
                                >
                                >
                                BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an
                                example on how to only call AuthenNTLM if a precondition is met...

                                =head2 Example for overriding


                                The following code shows the a basic example for creating a module which
                                overrides the map_user method and calls AuthenNTLM's handler only if a
                                precondition is met. Note: The functions preconditon_met and lookup_user
                                do the real work and are not shown here.




                                package Apache::MyAuthenNTLM ;


                                use Apache::AuthenNTLM ;


                                @ISA = ('Apache::AuthenNTLM') ;




                                sub handler ($$)
                                {
                                my ($self, $r) = @_ ;


                                return Apache::AuthenNTLM::handler ($self, $r) if
                                (precondition_met()) ;
                                return DECLINED ;
                                }


                                sub map_user


                                {
                                my ($self, $r) = @_ ;


                                return lookup_user ($self->{userdomain}, $self->{username}) ;
                                }

                                This should work for now, and I will bang around and see how much work
                                it will take to add in a caching feature directly into the module.
                                Seems that it would be useful for a lot of people, right?

                                speeves
                                cws


                                --
                                Reporting bugs: http://perl.apache.org/bugs/
                                Mail list info: http://perl.apache.org/maillist/modperl.html
                              • Shannon Eric Peevey
                                ... OK, final questions for the day... 1. Apache-AuthenNTLM already caches the connections to the samba server. I am assuming that we are having a problem
                                Message 15 of 27 , Nov 4, 2003
                                • 0 Attachment
                                  Shannon Eric Peevey wrote:

                                  > Enrico Sorcinelli wrote:
                                  >
                                  >> On Tue, 04 Nov 2003 09:13:34 -0600
                                  >> Shannon Eric Peevey <speeves@...> wrote:
                                  >>
                                  >>
                                  >>
                                  >>
                                  >>> BTW, I don't see the module asking for authorization for every
                                  >>> object, only when the client asks for something in a new directory.
                                  >>> (It's a little hard to tell from the debug log if the calls to the
                                  >>> samba server are made for every object, I need a little more time to
                                  >>> follow its logic through. But, on the client side, I am not seeing
                                  >>> the 401 returned for every object.)
                                  >>>
                                  >>
                                  >>
                                  >> How about improving the module by adding some caching mechanism for
                                  >> authenticated users?
                                  >> Moreover it could be nice to control it with PerlSetVar directives
                                  >> (ttl and so on)
                                  >>
                                  >> by
                                  >>
                                  >> - Enrico
                                  >>
                                  >>
                                  >>
                                  > BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an
                                  > example on how to only call AuthenNTLM if a precondition is met...
                                  >
                                  > =head2 Example for overriding
                                  >
                                  >
                                  > The following code shows the a basic example for creating a module which
                                  > overrides the map_user method and calls AuthenNTLM's handler only if a
                                  > precondition is met. Note: The functions preconditon_met and lookup_user
                                  > do the real work and are not shown here.
                                  >
                                  >
                                  >
                                  >
                                  > package Apache::MyAuthenNTLM ;
                                  >
                                  >
                                  > use Apache::AuthenNTLM ;
                                  >
                                  >
                                  > @ISA = ('Apache::AuthenNTLM') ;
                                  >
                                  >
                                  >
                                  >
                                  > sub handler ($$)
                                  > {
                                  > my ($self, $r) = @_ ;
                                  >
                                  >
                                  > return Apache::AuthenNTLM::handler ($self, $r) if
                                  > (precondition_met()) ;
                                  > return DECLINED ;
                                  > }
                                  >
                                  >
                                  > sub map_user
                                  >
                                  >
                                  > {
                                  > my ($self, $r) = @_ ;
                                  >
                                  >
                                  > return lookup_user ($self->{userdomain}, $self->{username}) ;
                                  > }
                                  >
                                  > This should work for now, and I will bang around and see how much work
                                  > it will take to add in a caching feature directly into the module.
                                  > Seems that it would be useful for a lot of people, right?
                                  >
                                  > speeves
                                  > cws
                                  >
                                  >
                                  OK, final questions for the day...

                                  1. Apache-AuthenNTLM already caches the connections to the samba
                                  server. I am assuming that we are having a problem with queries passing
                                  through this connection, and not a "too many connections" problem on the
                                  samba server end, right?

                                  (NOTE: (Mathias) Apache-AuthenSMB does not cache the connections, so
                                  what are we seeing with it exactly? )

                                  2. Do we really need to handle caching within this module? Might it
                                  not be handled by one of the Caching modules that Michael Parker
                                  mentioned in an earlier email?
                                  (http://marc.theaimsgroup.com/?l=apache-modperl&m=106780304521226&w=2)

                                  3. If we do add caching into the Apache-AuthenNTLM mod, where do we
                                  cache the yes/no variable, and when do we destroy it?

                                  thanks for your input,
                                  speeves
                                  cws


                                  --
                                  Reporting bugs: http://perl.apache.org/bugs/
                                  Mail list info: http://perl.apache.org/maillist/modperl.html
                                • Leo Lapworth
                                  Hi All, The first version is available at: http://leo.cuckoo.org/projects/AuthCookieNTLM/ I ll tidy up the docs and add a bit more functionality tomorrow,
                                  Message 16 of 27 , Nov 5, 2003
                                  • 0 Attachment
                                    Hi All,

                                    The first version is available at:

                                    http://leo.cuckoo.org/projects/AuthCookieNTLM/

                                    I'll tidy up the docs and add a bit more functionality tomorrow,
                                    debugging for example! - before uploading to CPAN.

                                    We decided against using Apache::AuthCookie in the end,
                                    it just seemed over kill.

                                    By default the user's login and a test value are set in the
                                    cookie, there is the choose_cookie_values() so you can
                                    inherit Apache::AuthCookieNTLM and overwride this and
                                    therefor add any additional information you want to the
                                    cookie at this stage. For example we want to lookup
                                    people's email addresses and other info we have in a
                                    DB to personalise other pages on the intranet.

                                    Feedback welcome.

                                    Cheers

                                    Leo

                                    --
                                    Reporting bugs: http://perl.apache.org/bugs/
                                    Mail list info: http://perl.apache.org/maillist/modperl.html
                                  • Shannon Eric Peevey
                                    ... Bravo!! Way to get on the ball :) I will see if I get a chance to check it out tomorrow. thanks, speeves cws -- Reporting bugs:
                                    Message 17 of 27 , Nov 5, 2003
                                    • 0 Attachment
                                      Leo Lapworth wrote:

                                      >Hi All,
                                      >
                                      >The first version is available at:
                                      >
                                      >http://leo.cuckoo.org/projects/AuthCookieNTLM/
                                      >
                                      >I'll tidy up the docs and add a bit more functionality tomorrow,
                                      >debugging for example! - before uploading to CPAN.
                                      >
                                      >We decided against using Apache::AuthCookie in the end,
                                      >it just seemed over kill.
                                      >
                                      >By default the user's login and a test value are set in the
                                      >cookie, there is the choose_cookie_values() so you can
                                      >inherit Apache::AuthCookieNTLM and overwride this and
                                      >therefor add any additional information you want to the
                                      >cookie at this stage. For example we want to lookup
                                      >people's email addresses and other info we have in a
                                      >DB to personalise other pages on the intranet.
                                      >
                                      >Feedback welcome.
                                      >
                                      >Cheers
                                      >
                                      >Leo
                                      >
                                      >
                                      Bravo!! Way to get on the ball :) I will see if I get a chance to
                                      check it out tomorrow.

                                      thanks,
                                      speeves
                                      cws


                                      --
                                      Reporting bugs: http://perl.apache.org/bugs/
                                      Mail list info: http://perl.apache.org/maillist/modperl.html
                                    • Leo Lapworth
                                      I ve just uploaded Apache::AuthCookieNTLM 0.04 to CPAN, it s available from http://leo.cuckoo.org/projects/ if you can t wait for it to be processed. I ll
                                      Message 18 of 27 , Nov 7, 2003
                                      • 0 Attachment
                                        I've just uploaded Apache::AuthCookieNTLM 0.04 to
                                        CPAN, it's available from http://leo.cuckoo.org/projects/
                                        if you can't wait for it to be processed.

                                        I'll consider it finished (ie. working) unless
                                        I hear from anyone :)

                                        Cheers

                                        Leo

                                        --
                                        Reporting bugs: http://perl.apache.org/bugs/
                                        Mail list info: http://perl.apache.org/maillist/modperl.html
                                      • Shannon Eric Peevey
                                        ... Actually, I am looking into it now. (I know that your module as it stands only works with mp1). But, I am going to download the libapreq 2 release and
                                        Message 19 of 27 , Nov 7, 2003
                                        • 0 Attachment
                                          >Fraid I haven't a clue, not used mod_perl2 yet, it requires
                                          >Apache::Request and Apache::Cookie, can't remember if they are
                                          >abailable yet.
                                          >
                                          >Leo
                                          >
                                          >
                                          Actually, I am looking into it now. (I know that your module as it
                                          stands only works with mp1). But, I am going to download the libapreq 2
                                          release and see how it plays with your module. (It is still in beta,
                                          and I don't know how far they are in the process of porting to mp2, so
                                          you might be nervous about using it... OTOH, if you are using mp2, who
                                          cares right?! Cause it's still in beta too ;) ) BTW, any and all
                                          installs of the new libapreq2 will be helping in the dev process, so it
                                          would be great if we all mess with it, and give them a heads-up on bugs
                                          and stuff :)

                                          thanks,
                                          speeves
                                          cws

                                          BTW, can you include the list in your replies? thanks :)


                                          --
                                          Reporting bugs: http://perl.apache.org/bugs/
                                          Mail list info: http://perl.apache.org/maillist/modperl.html
                                        • Stefano Ciancio
                                          Hi Leo, I have donwloaded your module and testing it. First of all a question. The AuthenNTLM module setted an env variable REMOTE_USER to domain username
                                          Message 20 of 27 , Nov 7, 2003
                                          • 0 Attachment
                                            Hi Leo,

                                            I have donwloaded your module and testing it.

                                            First of all a question. The AuthenNTLM module setted an env variable
                                            REMOTE_USER to domain\\username value.
                                            Set the new module this variable?

                                            Thanks,
                                            Stefano



                                            On Fri, 7 Nov 2003 14:01:13 +0000
                                            Leo Lapworth <leo@...> wrote:

                                            > I've just uploaded Apache::AuthCookieNTLM 0.04 to
                                            > CPAN, it's available from http://leo.cuckoo.org/projects/
                                            > if you can't wait for it to be processed.
                                            >
                                            > I'll consider it finished (ie. working) unless
                                            > I hear from anyone :)
                                            >
                                            > Cheers
                                            >
                                            > Leo

                                            --
                                            Reporting bugs: http://perl.apache.org/bugs/
                                            Mail list info: http://perl.apache.org/maillist/modperl.html
                                          • Leo Lapworth
                                            Hi Stefano, ... Ahh, this wasn t something I was checking for - I ll have a look at how / if it can be implimented next week (don t have a windowz machine at
                                            Message 21 of 27 , Nov 7, 2003
                                            • 0 Attachment
                                              Hi Stefano,

                                              On Fri, Nov 07, 2003 at 06:11:48PM +0100, Stefano Ciancio wrote:
                                              > I have donwloaded your module and testing it.
                                              >
                                              > First of all a question. The AuthenNTLM module setted an env variable
                                              > REMOTE_USER to domain\\username value.
                                              > Set the new module this variable?

                                              Ahh, this wasn't something I was checking for - I'll have a look
                                              at how / if it can be implimented next week (don't have a windowz
                                              machine at home to test it all on).

                                              Patch welcome if you figure it out before then.

                                              Cheers

                                              Leo

                                              --
                                              Reporting bugs: http://perl.apache.org/bugs/
                                              Mail list info: http://perl.apache.org/maillist/modperl.html
                                            • John Day
                                              I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message: *** result: NOK !!! You are running the test
                                              Message 22 of 27 , Nov 7, 2003
                                              • 0 Attachment
                                                I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message:

                                                *** result: NOK
                                                !!! You are running the test suite under user 'root'.
                                                Apache cannot spawn child processes as 'root', therefore
                                                we attempt to run the test suite with user 'nobody' (99:99).
                                                The problem is that the path:
                                                /root/.cpan/build/Apache-Test-1.05/t
                                                must be 'rwx' by user 'nobody', so Apache can read and write under that
                                                path.

                                                Yet the directory is chmod=777 for nobody.

                                                Anybody got any clues where I go from here?

                                                John


                                                --
                                                Reporting bugs: http://perl.apache.org/bugs/
                                                Mail list info: http://perl.apache.org/maillist/modperl.html
                                              • Geoffrey Young
                                                ... well, first try installing as somebody other than root, perhaps not using the CPAN.pm shell. try just grabing the tarball from
                                                Message 23 of 27 , Nov 7, 2003
                                                • 0 Attachment
                                                  John Day wrote:
                                                  > I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message:
                                                  >
                                                  > *** result: NOK
                                                  > !!! You are running the test suite under user 'root'.
                                                  > Apache cannot spawn child processes as 'root', therefore
                                                  > we attempt to run the test suite with user 'nobody' (99:99).
                                                  > The problem is that the path:
                                                  > /root/.cpan/build/Apache-Test-1.05/t
                                                  > must be 'rwx' by user 'nobody', so Apache can read and write under that
                                                  > path.
                                                  >
                                                  > Yet the directory is chmod=777 for nobody.
                                                  >
                                                  > Anybody got any clues where I go from here?

                                                  well, first try installing as somebody other than root, perhaps not using
                                                  the CPAN.pm shell. try just grabing the tarball from

                                                  http://search.cpan.org/CPAN/authors/id/G/GE/GEOFF/Apache-Test-1.05.tar.gz

                                                  unzip to your personal (non-root) home directory or something and then just

                                                  $ perl Makefile.PL
                                                  $ make && make test
                                                  $ su
                                                  # make install

                                                  HTH

                                                  --Geoff


                                                  --
                                                  Reporting bugs: http://perl.apache.org/bugs/
                                                  Mail list info: http://perl.apache.org/maillist/modperl.html
                                                • Stas Bekman
                                                  ... Or change your /root/.cpan to be /tmp/cpan or be under some other dir which is accessible (rwx) under nobody or your normal username.
                                                  Message 24 of 27 , Nov 7, 2003
                                                  • 0 Attachment
                                                    Geoffrey Young wrote:
                                                    >
                                                    >
                                                    > John Day wrote:
                                                    >
                                                    >> I have been trying to install Apache::Test which is a pre-requisite
                                                    >> for something else. But I get this message:
                                                    >>
                                                    >> *** result: NOK
                                                    >> !!! You are running the test suite under user 'root'.
                                                    >> Apache cannot spawn child processes as 'root', therefore
                                                    >> we attempt to run the test suite with user 'nobody' (99:99).
                                                    >> The problem is that the path:
                                                    >> /root/.cpan/build/Apache-Test-1.05/t
                                                    >> must be 'rwx' by user 'nobody', so Apache can read and write under that
                                                    >> path.
                                                    >>
                                                    >> Yet the directory is chmod=777 for nobody.
                                                    >>
                                                    >> Anybody got any clues where I go from here?
                                                    >
                                                    >
                                                    > well, first try installing as somebody other than root, perhaps not
                                                    > using the CPAN.pm shell. try just grabing the tarball from
                                                    >
                                                    > http://search.cpan.org/CPAN/authors/id/G/GE/GEOFF/Apache-Test-1.05.tar.gz
                                                    >
                                                    > unzip to your personal (non-root) home directory or something and then just
                                                    >
                                                    > $ perl Makefile.PL
                                                    > $ make && make test
                                                    > $ su
                                                    > # make install

                                                    Or change your /root/.cpan to be /tmp/cpan or be under some other dir which is
                                                    accessible (rwx) under 'nobody' or your normal username.


                                                    __________________________________________________________________
                                                    Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
                                                    http://stason.org/ mod_perl Guide ---> http://perl.apache.org
                                                    mailto:stas@... http://use.perl.org http://apacheweek.com
                                                    http://modperlbook.org http://apache.org http://ticketmaster.com


                                                    --
                                                    Reporting bugs: http://perl.apache.org/bugs/
                                                    Mail list info: http://perl.apache.org/maillist/modperl.html
                                                  • Leo Lapworth
                                                    ... The uploaded file Apache-AuthCookieNTLM-0.05.tar.gz has entered CPAN as file: $CPAN/authors/id/L/LL/LLAP/Apache-AuthCookieNTLM-0.05.tar.gz size: 4590 bytes
                                                    Message 25 of 27 , Nov 10, 2003
                                                    • 0 Attachment
                                                      > On Fri, Nov 07, 2003 at 06:11:48PM +0100, Stefano Ciancio wrote:
                                                      > > First of all a question. The AuthenNTLM module setted an env variable
                                                      > > REMOTE_USER to domain\\username value.

                                                      The uploaded file

                                                      Apache-AuthCookieNTLM-0.05.tar.gz

                                                      has entered CPAN as

                                                      file: $CPAN/authors/id/L/LL/LLAP/Apache-AuthCookieNTLM-0.05.tar.gz
                                                      size: 4590 bytes
                                                      md5: e902cc73ff25c384fd3e8e1b11d96702

                                                      Available NOW from:

                                                      http://leo.cuckoo.org/projects/

                                                      This version now defaults to setting the REMOTE_USER value as
                                                      userdomain\\username this will be the case as long as
                                                      'username' and 'userdomain' are set in choose_cookie_values().

                                                      Enjoy.

                                                      Leo

                                                      --
                                                      Reporting bugs: http://perl.apache.org/bugs/
                                                      Mail list info: http://perl.apache.org/maillist/modperl.html
                                                    Your message has been successfully submitted and would be delivered to recipients shortly.