Loading ...
Sorry, an error occurred while loading the content.

Re: [Fwd: AuthenNTLM and slow web server]

Expand Messages
  • Leo Lapworth
    ... We are working on something similar at the moment, we are planning on creating a wrapper module which checks for a cookie, if that is not set then it used
    Message 1 of 27 , Nov 1, 2003
    • 0 Attachment
      On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
      > But the big problem with this module is that seem for each object it require an
      > authentication from pdc/bdc. This behaviour causes the web server to go _very_
      > slow. The user must wait ten of seconds to load a single web page.

      We are working on something similar at the moment, we are planning
      on creating a wrapper module which checks for a cookie, if that is
      not set then it used AuthenNTML and sets the cookie (just for
      the browser session), but if it is set we know that the user
      has been authenticated and therefor only have to check authentication
      once per user per session.

      Once we get it working I'll post it on the net somewhere and
      a message here.

      Leo
    • Michael Parker
      ... It s fairly easy to knock a PDC/BDC over if you throw enough authentication requests at it. The key is to do everything possible to limit the number of
      Message 2 of 27 , Nov 2, 2003
      • 0 Attachment
        On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
        >
        > Hi,
        >
        > I have seen better the log and the error in apache's error.log was about some
        > gif that the web server not found.
        > But the big problem with this module is that seem for each object it require an
        > authentication from pdc/bdc. This behaviour causes the web server to go _very_
        > slow. The user must wait ten of seconds to load a single web page.
        >
        > I want use this module to obtain a single sign on in the Intranet of my company
        > that have thousands of users in some trusted NT pdc/bdc.
        > Do you think that this module could working fine? Exists some other mechanism to
        > obtain the single sign on with ntlm?
        >

        It's fairly easy to knock a PDC/BDC over if you throw enough
        authentication requests at it. The key is to do everything possible
        to limit the number of authentication requests it has to make.
        Someone mentioned using cookies, which is one way. There have been
        several discussed over the years on this list. You should check the
        archives to give you some ideas on how to solve the problem. I found
        the most success using one of the authentication caching modules.

        Michael
      • Stefano Ciancio
        Hi Shannon Eric, I have set ntlmdebug = 2 and produced an error.log that I have attached. It seems that the error is: [9100] AuthenNTLM: Authorization Header
        Message 3 of 27 , Nov 3, 2003
        • 0 Attachment
          Hi Shannon Eric,

          I have set "ntlmdebug" = 2 and produced an error.log that I have attached.

          It seems that the error is:

          [9100] AuthenNTLM: Authorization Header <not given>

          I don't know its means ...

          Can you help me?

          Stefano



          On Fri, 31 Oct 2003 08:41:39 -0600
          Shannon Eric Peevey <speeves@...> wrote:

          > Shannon Eric Peevey wrote:
          >
          > >
          > >
          > > -------- Original Message --------
          > > Subject: AuthenNTLM and slow web server
          > > Date: Thu, 30 Oct 2003 17:59:49 +0100
          > > From: Stefano Ciancio <s.ciancio@...>
          > > Organization: Italia On Line
          > > To: speeves@...
          > >
          > >
          > >
          > > Hi,
          > >
          > > I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3,
          > > but I am
          > > having some problem with it.
          > >
          > > I view some time_wait session to windows pdc and many error in apache's
          > > error.log.
          > > Moreover this also seems to cause the web server to go _very_ slow.
          > >
          > > My httpd.conf configuration is standard
          > > <Location />
          > > PerlAuthenHandler Apache::AuthenNTLM AuthType ntlm,basic
          > > AuthName test
          > > require valid-user
          > >
          > > PerlAddVar ntdomain "name_domain1 name_of_pdc1"
          > > PerlAddVar ntdomain "other_domain pdc_for_domain
          > > bdc_for_domain"
          > >
          > > PerlSetVar defaultdomain wingr1
          > > PerlSetVar ntlmdebug 0
          > > </Location>
          > >
          > > with keepAlive setted to On.
          > >
          > > Have you an an idea why this is happening?
          > >
          > > Thanks,
          > > Stefano
          > >
          > Hi!
          >
          > Can you set "ntlmdebug" = 2 and send me the sections of the error_log
          > that you are talking about?
          >
          > thanks,
          > speeves
          > cws
          >
          > BTW, did you have this working correctly with any other version
          > Apache-AuthenNTLM?
        • Shannon Eric Peevey
          ... Are you creating something along the lines of a: Apache-AuthCookieNTML ? It seems that a lot of these questions would be resolved by a module that would
          Message 4 of 27 , Nov 3, 2003
          • 0 Attachment
            Leo Lapworth wrote:

            >On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
            >
            >
            >>But the big problem with this module is that seem for each object it require an
            >>authentication from pdc/bdc. This behaviour causes the web server to go _very_
            >>slow. The user must wait ten of seconds to load a single web page.
            >>
            >>
            >
            >We are working on something similar at the moment, we are planning
            >on creating a wrapper module which checks for a cookie, if that is
            >not set then it used AuthenNTML and sets the cookie (just for
            >the browser session), but if it is set we know that the user
            >has been authenticated and therefor only have to check authentication
            >once per user per session.
            >
            >Once we get it working I'll post it on the net somewhere and
            >a message here.
            >
            >Leo
            >
            >
            Are you creating something along the lines of a:

            Apache-AuthCookieNTML ?

            It seems that a lot of these questions would be resolved by a module
            that would check for a cookie first, and then throw the auth box when
            the user hasn't been authenticated. Then you could just continue to
            check for a cookie, instead of querying the samba server for every
            image, etc. on the page.

            Could I recommend writing this module, (instead of a work-around piece
            of code)? I think that an Apache-AuthCookieNTLM would benefit a lot of
            people.

            If no one is up to it, let me know and I will start working on one when
            I have the time.

            thanks,
            speeves
            cws


            --
            Reporting bugs: http://perl.apache.org/bugs/
            Mail list info: http://perl.apache.org/maillist/modperl.html
          • Shannon Eric Peevey
            ... Hi! I m sorry, but I have become foggy on the problem here... Are you talking about problems logging in, or web server performance? [9100] AuthenNTLM:
            Message 5 of 27 , Nov 3, 2003
            • 0 Attachment
              Stefano Ciancio wrote:

              >Hi Shannon Eric,
              >
              >I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
              >
              >It seems that the error is:
              >
              >[9100] AuthenNTLM: Authorization Header <not given>
              >
              >I don't know its means ...
              >
              >Can you help me?
              >
              > Stefano
              >
              >
              >
              >
              Hi!

              I'm sorry, but I have become foggy on the problem here... Are you
              talking about problems logging in, or web server performance?

              [9100] AuthenNTLM: Authorization Header <not given>

              This is telling us that the browser is not including an "Authorization" header, which is normal on the initial request from the browser. (The server throws a 401 Authorization Required, which tells the browser that it needs to include an Authorization header.

              There is no error here.

              speeves
              cws




              --
              Reporting bugs: http://perl.apache.org/bugs/
              Mail list info: http://perl.apache.org/maillist/modperl.html
            • Shannon Eric Peevey
              ... Unfortunately, I don t use this module in a production environment, so cannot comment here. Is anyone else seeing this in a live environment? ... I don t
              Message 6 of 27 , Nov 3, 2003
              • 0 Attachment
                Stefano Ciancio wrote:

                >Hi,
                >
                >I have seen better the log and the error in apache's error.log was about some
                >gif that the web server not found.
                >But the big problem with this module is that seem for each object it require an
                >authentication from pdc/bdc. This behaviour causes the web server to go _very_
                >slow. The user must wait ten of seconds to load a single web page.
                >
                Unfortunately, I don't use this module in a production environment, so
                cannot comment here. Is anyone else seeing this in a live environment?

                >
                >I want use this module to obtain a single sign on in the Intranet of my company
                >that have thousands of users in some trusted NT pdc/bdc.
                >Do you think that this module could working fine?
                >
                I don't really think that this module was created with this purpose in
                mind.

                >Exists some other mechanism to
                >obtain the single sign on with ntlm?
                >
                >
                Check out my message to Mr. Lapworth at:

                http://marc.theaimsgroup.com/?l=apache-modperl&m=106788287330640&w=2

                If he doesn't have the time to create this module, maybe one of you
                will? If not, I can put it on my to-do list, and could probably have
                something by late January...

                speeves
                cws



                --
                Reporting bugs: http://perl.apache.org/bugs/
                Mail list info: http://perl.apache.org/maillist/modperl.html
              • Leo Lapworth
                ... This is the general plan - we ve just got Apache::AuthNTML working properly, so going to work on Apache::AuthCookieNTML this week, I ll report back when
                Message 7 of 27 , Nov 4, 2003
                • 0 Attachment
                  On Mon, Nov 03, 2003 at 11:55:28AM -0600, Shannon Eric Peevey wrote:
                  > Are you creating something along the lines of a:
                  >
                  > Apache-AuthCookieNTML ?
                  >
                  > It seems that a lot of these questions would be resolved by a module
                  > that would check for a cookie first, and then throw the auth box when
                  > the user hasn't been authenticated.

                  This is the general plan - we've just got Apache::AuthNTML working
                  properly, so going to work on Apache::AuthCookieNTML this week,
                  I'll report back when we've got something up and running.

                  Cheers

                  Leo

                  --
                  Reporting bugs: http://perl.apache.org/bugs/
                  Mail list info: http://perl.apache.org/maillist/modperl.html
                • Stefano Ciancio
                  On Mon, 03 Nov 2003 15:39:14 -0600 ... Yes, have you right!! My problem is about web server performance and I thought that it depended from some error of the
                  Message 8 of 27 , Nov 4, 2003
                  • 0 Attachment
                    On Mon, 03 Nov 2003 15:39:14 -0600
                    Shannon Eric Peevey <speeves@...> wrote:

                    > Stefano Ciancio wrote:
                    >
                    > >Hi Shannon Eric,
                    > >
                    > >I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
                    > >
                    > >It seems that the error is:
                    > >
                    > >[9100] AuthenNTLM: Authorization Header <not given>
                    > >
                    > >I don't know its means ...
                    > >
                    > >Can you help me?
                    > >
                    > > Stefano
                    > >
                    > >
                    > >
                    > >
                    > Hi!
                    >
                    > I'm sorry, but I have become foggy on the problem here... Are you
                    > talking about problems logging in, or web server performance?
                    >
                    > [9100] AuthenNTLM: Authorization Header <not given>
                    >
                    > This is telling us that the browser is not including an "Authorization"
                    > header, which is normal on the initial request from the browser. (The server
                    > throws a 401 Authorization Required, which tells the browser that it needs to
                    > include an Authorization header.
                    >
                    > There is no error here.
                    >
                    > speeves
                    > cws
                    >

                    Yes, have you right!! My problem is about web server performance and I thought
                    that it depended from some error of the module.


                    Stefano


                    --
                    Reporting bugs: http://perl.apache.org/bugs/
                    Mail list info: http://perl.apache.org/maillist/modperl.html
                  • Shannon Eric Peevey
                    ... Great!! Keep us posted, and don t forget to request a PAUSE account on CPAN so that you can upload your module there :) speeves cws PS Sorry bout the typo
                    Message 9 of 27 , Nov 4, 2003
                    • 0 Attachment
                      Leo Lapworth wrote:

                      >On Mon, Nov 03, 2003 at 11:55:28AM -0600, Shannon Eric Peevey wrote:
                      >
                      >
                      >>Are you creating something along the lines of a:
                      >>
                      >>Apache-AuthCookieNTML ?
                      >>
                      >>It seems that a lot of these questions would be resolved by a module
                      >>that would check for a cookie first, and then throw the auth box when
                      >>the user hasn't been authenticated.
                      >>
                      >>
                      >
                      >This is the general plan - we've just got Apache::AuthNTML working
                      >properly, so going to work on Apache::AuthCookieNTML this week,
                      >I'll report back when we've got something up and running.
                      >
                      >Cheers
                      >
                      >Leo
                      >
                      >
                      Great!! Keep us posted, and don't forget to request a PAUSE account on
                      CPAN so that you can upload your module there :)

                      speeves
                      cws

                      PS Sorry bout the typo in the previous message :P It's really
                      Apache-AuthCookieNTLM...


                      --
                      Reporting bugs: http://perl.apache.org/bugs/
                      Mail list info: http://perl.apache.org/maillist/modperl.html
                    • Shannon Eric Peevey
                      ... I don t think that you are getting any errors in what I see( on your end). So I guess my question still stands, is anyone else seeing slow performance in
                      Message 10 of 27 , Nov 4, 2003
                      • 0 Attachment
                        Stefano Ciancio wrote:

                        >On Mon, 03 Nov 2003 15:39:14 -0600
                        >Shannon Eric Peevey <speeves@...> wrote:
                        >
                        >
                        >
                        >>Stefano Ciancio wrote:
                        >>
                        >>
                        >>
                        >>>Hi Shannon Eric,
                        >>>
                        >>>I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
                        >>>
                        >>>It seems that the error is:
                        >>>
                        >>>[9100] AuthenNTLM: Authorization Header <not given>
                        >>>
                        >>>I don't know its means ...
                        >>>
                        >>>Can you help me?
                        >>>
                        >>> Stefano
                        >>>
                        >>>
                        >>>
                        >>>
                        >>>
                        >>>
                        >>Hi!
                        >>
                        >>I'm sorry, but I have become foggy on the problem here... Are you
                        >>talking about problems logging in, or web server performance?
                        >>
                        >>[9100] AuthenNTLM: Authorization Header <not given>
                        >>
                        >>This is telling us that the browser is not including an "Authorization"
                        >>header, which is normal on the initial request from the browser. (The server
                        >>throws a 401 Authorization Required, which tells the browser that it needs to
                        >>include an Authorization header.
                        >>
                        >>There is no error here.
                        >>
                        >>speeves
                        >>cws
                        >>
                        >>
                        >>
                        >
                        >Yes, have you right!! My problem is about web server performance and I thought
                        >that it depended from some error of the module.
                        >
                        >
                        > Stefano
                        >
                        >
                        I don't think that you are getting any errors in what I see( on your
                        end). So I guess my question still stands, is anyone else seeing slow
                        performance in a production site with this module?

                        BTW, I don't see the module asking for authorization for every object,
                        only when the client asks for something in a new directory. (It's a
                        little hard to tell from the debug log if the calls to the samba server
                        are made for every object, I need a little more time to follow its logic
                        through. But, on the client side, I am not seeing the 401 returned for
                        every object.)

                        thanks,
                        speeves
                        cws


                        --
                        Reporting bugs: http://perl.apache.org/bugs/
                        Mail list info: http://perl.apache.org/maillist/modperl.html
                      • Shannon Eric Peevey
                        ... Hi! I think that is probably a great idea. I don t have time to add it in now, but if you send me a patch, I will be happy to add it into the next
                        Message 11 of 27 , Nov 4, 2003
                        • 0 Attachment
                          Enrico Sorcinelli wrote:

                          >On Tue, 04 Nov 2003 09:13:34 -0600
                          >Shannon Eric Peevey <speeves@...> wrote:
                          >
                          >
                          >
                          >
                          >>BTW, I don't see the module asking for authorization for every object,
                          >>only when the client asks for something in a new directory. (It's a
                          >>little hard to tell from the debug log if the calls to the samba server
                          >>are made for every object, I need a little more time to follow its logic
                          >>through. But, on the client side, I am not seeing the 401 returned for
                          >>every object.)
                          >>
                          >>
                          >
                          >How about improving the module by adding some caching mechanism for
                          >authenticated users?
                          >Moreover it could be nice to control it with PerlSetVar directives
                          >(ttl and so on)
                          >
                          >by
                          >
                          > - Enrico
                          >
                          >
                          Hi!

                          I think that is probably a great idea. I don't have time to add it in
                          now, but if you send me a patch, I will be happy to add it into the next
                          release.

                          thanks,
                          speeves
                          cws


                          --
                          Reporting bugs: http://perl.apache.org/bugs/
                          Mail list info: http://perl.apache.org/maillist/modperl.html
                        • Enrico Sorcinelli
                          On Tue, 04 Nov 2003 09:13:34 -0600 ... How about improving the module by adding some caching mechanism for authenticated users? Moreover it could be nice to
                          Message 12 of 27 , Nov 4, 2003
                          • 0 Attachment
                            On Tue, 04 Nov 2003 09:13:34 -0600
                            Shannon Eric Peevey <speeves@...> wrote:


                            > BTW, I don't see the module asking for authorization for every object,
                            > only when the client asks for something in a new directory. (It's a
                            > little hard to tell from the debug log if the calls to the samba server
                            > are made for every object, I need a little more time to follow its logic
                            > through. But, on the client side, I am not seeing the 401 returned for
                            > every object.)

                            How about improving the module by adding some caching mechanism for
                            authenticated users?
                            Moreover it could be nice to control it with PerlSetVar directives
                            (ttl and so on)

                            by

                            - Enrico

                            --
                            Reporting bugs: http://perl.apache.org/bugs/
                            Mail list info: http://perl.apache.org/maillist/modperl.html
                          • Shannon Eric Peevey
                            ... BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an example on how to only call AuthenNTLM if a precondition is met... =head2 Example for
                            Message 13 of 27 , Nov 4, 2003
                            • 0 Attachment
                              Enrico Sorcinelli wrote:

                              >On Tue, 04 Nov 2003 09:13:34 -0600
                              >Shannon Eric Peevey <speeves@...> wrote:
                              >
                              >
                              >
                              >
                              >>BTW, I don't see the module asking for authorization for every object,
                              >>only when the client asks for something in a new directory. (It's a
                              >>little hard to tell from the debug log if the calls to the samba server
                              >>are made for every object, I need a little more time to follow its logic
                              >>through. But, on the client side, I am not seeing the 401 returned for
                              >>every object.)
                              >>
                              >>
                              >
                              >How about improving the module by adding some caching mechanism for
                              >authenticated users?
                              >Moreover it could be nice to control it with PerlSetVar directives
                              >(ttl and so on)
                              >
                              >by
                              >
                              > - Enrico
                              >
                              >
                              >
                              BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an
                              example on how to only call AuthenNTLM if a precondition is met...

                              =head2 Example for overriding


                              The following code shows the a basic example for creating a module which
                              overrides the map_user method and calls AuthenNTLM's handler only if a
                              precondition is met. Note: The functions preconditon_met and lookup_user
                              do the real work and are not shown here.




                              package Apache::MyAuthenNTLM ;


                              use Apache::AuthenNTLM ;


                              @ISA = ('Apache::AuthenNTLM') ;




                              sub handler ($$)
                              {
                              my ($self, $r) = @_ ;


                              return Apache::AuthenNTLM::handler ($self, $r) if
                              (precondition_met()) ;
                              return DECLINED ;
                              }


                              sub map_user


                              {
                              my ($self, $r) = @_ ;


                              return lookup_user ($self->{userdomain}, $self->{username}) ;
                              }

                              This should work for now, and I will bang around and see how much work
                              it will take to add in a caching feature directly into the module.
                              Seems that it would be useful for a lot of people, right?

                              speeves
                              cws


                              --
                              Reporting bugs: http://perl.apache.org/bugs/
                              Mail list info: http://perl.apache.org/maillist/modperl.html
                            • Shannon Eric Peevey
                              ... OK, final questions for the day... 1. Apache-AuthenNTLM already caches the connections to the samba server. I am assuming that we are having a problem
                              Message 14 of 27 , Nov 4, 2003
                              • 0 Attachment
                                Shannon Eric Peevey wrote:

                                > Enrico Sorcinelli wrote:
                                >
                                >> On Tue, 04 Nov 2003 09:13:34 -0600
                                >> Shannon Eric Peevey <speeves@...> wrote:
                                >>
                                >>
                                >>
                                >>
                                >>> BTW, I don't see the module asking for authorization for every
                                >>> object, only when the client asks for something in a new directory.
                                >>> (It's a little hard to tell from the debug log if the calls to the
                                >>> samba server are made for every object, I need a little more time to
                                >>> follow its logic through. But, on the client side, I am not seeing
                                >>> the 401 returned for every object.)
                                >>>
                                >>
                                >>
                                >> How about improving the module by adding some caching mechanism for
                                >> authenticated users?
                                >> Moreover it could be nice to control it with PerlSetVar directives
                                >> (ttl and so on)
                                >>
                                >> by
                                >>
                                >> - Enrico
                                >>
                                >>
                                >>
                                > BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an
                                > example on how to only call AuthenNTLM if a precondition is met...
                                >
                                > =head2 Example for overriding
                                >
                                >
                                > The following code shows the a basic example for creating a module which
                                > overrides the map_user method and calls AuthenNTLM's handler only if a
                                > precondition is met. Note: The functions preconditon_met and lookup_user
                                > do the real work and are not shown here.
                                >
                                >
                                >
                                >
                                > package Apache::MyAuthenNTLM ;
                                >
                                >
                                > use Apache::AuthenNTLM ;
                                >
                                >
                                > @ISA = ('Apache::AuthenNTLM') ;
                                >
                                >
                                >
                                >
                                > sub handler ($$)
                                > {
                                > my ($self, $r) = @_ ;
                                >
                                >
                                > return Apache::AuthenNTLM::handler ($self, $r) if
                                > (precondition_met()) ;
                                > return DECLINED ;
                                > }
                                >
                                >
                                > sub map_user
                                >
                                >
                                > {
                                > my ($self, $r) = @_ ;
                                >
                                >
                                > return lookup_user ($self->{userdomain}, $self->{username}) ;
                                > }
                                >
                                > This should work for now, and I will bang around and see how much work
                                > it will take to add in a caching feature directly into the module.
                                > Seems that it would be useful for a lot of people, right?
                                >
                                > speeves
                                > cws
                                >
                                >
                                OK, final questions for the day...

                                1. Apache-AuthenNTLM already caches the connections to the samba
                                server. I am assuming that we are having a problem with queries passing
                                through this connection, and not a "too many connections" problem on the
                                samba server end, right?

                                (NOTE: (Mathias) Apache-AuthenSMB does not cache the connections, so
                                what are we seeing with it exactly? )

                                2. Do we really need to handle caching within this module? Might it
                                not be handled by one of the Caching modules that Michael Parker
                                mentioned in an earlier email?
                                (http://marc.theaimsgroup.com/?l=apache-modperl&m=106780304521226&w=2)

                                3. If we do add caching into the Apache-AuthenNTLM mod, where do we
                                cache the yes/no variable, and when do we destroy it?

                                thanks for your input,
                                speeves
                                cws


                                --
                                Reporting bugs: http://perl.apache.org/bugs/
                                Mail list info: http://perl.apache.org/maillist/modperl.html
                              • Leo Lapworth
                                Hi All, The first version is available at: http://leo.cuckoo.org/projects/AuthCookieNTLM/ I ll tidy up the docs and add a bit more functionality tomorrow,
                                Message 15 of 27 , Nov 5, 2003
                                • 0 Attachment
                                  Hi All,

                                  The first version is available at:

                                  http://leo.cuckoo.org/projects/AuthCookieNTLM/

                                  I'll tidy up the docs and add a bit more functionality tomorrow,
                                  debugging for example! - before uploading to CPAN.

                                  We decided against using Apache::AuthCookie in the end,
                                  it just seemed over kill.

                                  By default the user's login and a test value are set in the
                                  cookie, there is the choose_cookie_values() so you can
                                  inherit Apache::AuthCookieNTLM and overwride this and
                                  therefor add any additional information you want to the
                                  cookie at this stage. For example we want to lookup
                                  people's email addresses and other info we have in a
                                  DB to personalise other pages on the intranet.

                                  Feedback welcome.

                                  Cheers

                                  Leo

                                  --
                                  Reporting bugs: http://perl.apache.org/bugs/
                                  Mail list info: http://perl.apache.org/maillist/modperl.html
                                • Shannon Eric Peevey
                                  ... Bravo!! Way to get on the ball :) I will see if I get a chance to check it out tomorrow. thanks, speeves cws -- Reporting bugs:
                                  Message 16 of 27 , Nov 5, 2003
                                  • 0 Attachment
                                    Leo Lapworth wrote:

                                    >Hi All,
                                    >
                                    >The first version is available at:
                                    >
                                    >http://leo.cuckoo.org/projects/AuthCookieNTLM/
                                    >
                                    >I'll tidy up the docs and add a bit more functionality tomorrow,
                                    >debugging for example! - before uploading to CPAN.
                                    >
                                    >We decided against using Apache::AuthCookie in the end,
                                    >it just seemed over kill.
                                    >
                                    >By default the user's login and a test value are set in the
                                    >cookie, there is the choose_cookie_values() so you can
                                    >inherit Apache::AuthCookieNTLM and overwride this and
                                    >therefor add any additional information you want to the
                                    >cookie at this stage. For example we want to lookup
                                    >people's email addresses and other info we have in a
                                    >DB to personalise other pages on the intranet.
                                    >
                                    >Feedback welcome.
                                    >
                                    >Cheers
                                    >
                                    >Leo
                                    >
                                    >
                                    Bravo!! Way to get on the ball :) I will see if I get a chance to
                                    check it out tomorrow.

                                    thanks,
                                    speeves
                                    cws


                                    --
                                    Reporting bugs: http://perl.apache.org/bugs/
                                    Mail list info: http://perl.apache.org/maillist/modperl.html
                                  • Leo Lapworth
                                    I ve just uploaded Apache::AuthCookieNTLM 0.04 to CPAN, it s available from http://leo.cuckoo.org/projects/ if you can t wait for it to be processed. I ll
                                    Message 17 of 27 , Nov 7, 2003
                                    • 0 Attachment
                                      I've just uploaded Apache::AuthCookieNTLM 0.04 to
                                      CPAN, it's available from http://leo.cuckoo.org/projects/
                                      if you can't wait for it to be processed.

                                      I'll consider it finished (ie. working) unless
                                      I hear from anyone :)

                                      Cheers

                                      Leo

                                      --
                                      Reporting bugs: http://perl.apache.org/bugs/
                                      Mail list info: http://perl.apache.org/maillist/modperl.html
                                    • Shannon Eric Peevey
                                      ... Actually, I am looking into it now. (I know that your module as it stands only works with mp1). But, I am going to download the libapreq 2 release and
                                      Message 18 of 27 , Nov 7, 2003
                                      • 0 Attachment
                                        >Fraid I haven't a clue, not used mod_perl2 yet, it requires
                                        >Apache::Request and Apache::Cookie, can't remember if they are
                                        >abailable yet.
                                        >
                                        >Leo
                                        >
                                        >
                                        Actually, I am looking into it now. (I know that your module as it
                                        stands only works with mp1). But, I am going to download the libapreq 2
                                        release and see how it plays with your module. (It is still in beta,
                                        and I don't know how far they are in the process of porting to mp2, so
                                        you might be nervous about using it... OTOH, if you are using mp2, who
                                        cares right?! Cause it's still in beta too ;) ) BTW, any and all
                                        installs of the new libapreq2 will be helping in the dev process, so it
                                        would be great if we all mess with it, and give them a heads-up on bugs
                                        and stuff :)

                                        thanks,
                                        speeves
                                        cws

                                        BTW, can you include the list in your replies? thanks :)


                                        --
                                        Reporting bugs: http://perl.apache.org/bugs/
                                        Mail list info: http://perl.apache.org/maillist/modperl.html
                                      • Stefano Ciancio
                                        Hi Leo, I have donwloaded your module and testing it. First of all a question. The AuthenNTLM module setted an env variable REMOTE_USER to domain username
                                        Message 19 of 27 , Nov 7, 2003
                                        • 0 Attachment
                                          Hi Leo,

                                          I have donwloaded your module and testing it.

                                          First of all a question. The AuthenNTLM module setted an env variable
                                          REMOTE_USER to domain\\username value.
                                          Set the new module this variable?

                                          Thanks,
                                          Stefano



                                          On Fri, 7 Nov 2003 14:01:13 +0000
                                          Leo Lapworth <leo@...> wrote:

                                          > I've just uploaded Apache::AuthCookieNTLM 0.04 to
                                          > CPAN, it's available from http://leo.cuckoo.org/projects/
                                          > if you can't wait for it to be processed.
                                          >
                                          > I'll consider it finished (ie. working) unless
                                          > I hear from anyone :)
                                          >
                                          > Cheers
                                          >
                                          > Leo

                                          --
                                          Reporting bugs: http://perl.apache.org/bugs/
                                          Mail list info: http://perl.apache.org/maillist/modperl.html
                                        • Leo Lapworth
                                          Hi Stefano, ... Ahh, this wasn t something I was checking for - I ll have a look at how / if it can be implimented next week (don t have a windowz machine at
                                          Message 20 of 27 , Nov 7, 2003
                                          • 0 Attachment
                                            Hi Stefano,

                                            On Fri, Nov 07, 2003 at 06:11:48PM +0100, Stefano Ciancio wrote:
                                            > I have donwloaded your module and testing it.
                                            >
                                            > First of all a question. The AuthenNTLM module setted an env variable
                                            > REMOTE_USER to domain\\username value.
                                            > Set the new module this variable?

                                            Ahh, this wasn't something I was checking for - I'll have a look
                                            at how / if it can be implimented next week (don't have a windowz
                                            machine at home to test it all on).

                                            Patch welcome if you figure it out before then.

                                            Cheers

                                            Leo

                                            --
                                            Reporting bugs: http://perl.apache.org/bugs/
                                            Mail list info: http://perl.apache.org/maillist/modperl.html
                                          • John Day
                                            I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message: *** result: NOK !!! You are running the test
                                            Message 21 of 27 , Nov 7, 2003
                                            • 0 Attachment
                                              I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message:

                                              *** result: NOK
                                              !!! You are running the test suite under user 'root'.
                                              Apache cannot spawn child processes as 'root', therefore
                                              we attempt to run the test suite with user 'nobody' (99:99).
                                              The problem is that the path:
                                              /root/.cpan/build/Apache-Test-1.05/t
                                              must be 'rwx' by user 'nobody', so Apache can read and write under that
                                              path.

                                              Yet the directory is chmod=777 for nobody.

                                              Anybody got any clues where I go from here?

                                              John


                                              --
                                              Reporting bugs: http://perl.apache.org/bugs/
                                              Mail list info: http://perl.apache.org/maillist/modperl.html
                                            • Geoffrey Young
                                              ... well, first try installing as somebody other than root, perhaps not using the CPAN.pm shell. try just grabing the tarball from
                                              Message 22 of 27 , Nov 7, 2003
                                              • 0 Attachment
                                                John Day wrote:
                                                > I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message:
                                                >
                                                > *** result: NOK
                                                > !!! You are running the test suite under user 'root'.
                                                > Apache cannot spawn child processes as 'root', therefore
                                                > we attempt to run the test suite with user 'nobody' (99:99).
                                                > The problem is that the path:
                                                > /root/.cpan/build/Apache-Test-1.05/t
                                                > must be 'rwx' by user 'nobody', so Apache can read and write under that
                                                > path.
                                                >
                                                > Yet the directory is chmod=777 for nobody.
                                                >
                                                > Anybody got any clues where I go from here?

                                                well, first try installing as somebody other than root, perhaps not using
                                                the CPAN.pm shell. try just grabing the tarball from

                                                http://search.cpan.org/CPAN/authors/id/G/GE/GEOFF/Apache-Test-1.05.tar.gz

                                                unzip to your personal (non-root) home directory or something and then just

                                                $ perl Makefile.PL
                                                $ make && make test
                                                $ su
                                                # make install

                                                HTH

                                                --Geoff


                                                --
                                                Reporting bugs: http://perl.apache.org/bugs/
                                                Mail list info: http://perl.apache.org/maillist/modperl.html
                                              • Stas Bekman
                                                ... Or change your /root/.cpan to be /tmp/cpan or be under some other dir which is accessible (rwx) under nobody or your normal username.
                                                Message 23 of 27 , Nov 7, 2003
                                                • 0 Attachment
                                                  Geoffrey Young wrote:
                                                  >
                                                  >
                                                  > John Day wrote:
                                                  >
                                                  >> I have been trying to install Apache::Test which is a pre-requisite
                                                  >> for something else. But I get this message:
                                                  >>
                                                  >> *** result: NOK
                                                  >> !!! You are running the test suite under user 'root'.
                                                  >> Apache cannot spawn child processes as 'root', therefore
                                                  >> we attempt to run the test suite with user 'nobody' (99:99).
                                                  >> The problem is that the path:
                                                  >> /root/.cpan/build/Apache-Test-1.05/t
                                                  >> must be 'rwx' by user 'nobody', so Apache can read and write under that
                                                  >> path.
                                                  >>
                                                  >> Yet the directory is chmod=777 for nobody.
                                                  >>
                                                  >> Anybody got any clues where I go from here?
                                                  >
                                                  >
                                                  > well, first try installing as somebody other than root, perhaps not
                                                  > using the CPAN.pm shell. try just grabing the tarball from
                                                  >
                                                  > http://search.cpan.org/CPAN/authors/id/G/GE/GEOFF/Apache-Test-1.05.tar.gz
                                                  >
                                                  > unzip to your personal (non-root) home directory or something and then just
                                                  >
                                                  > $ perl Makefile.PL
                                                  > $ make && make test
                                                  > $ su
                                                  > # make install

                                                  Or change your /root/.cpan to be /tmp/cpan or be under some other dir which is
                                                  accessible (rwx) under 'nobody' or your normal username.


                                                  __________________________________________________________________
                                                  Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
                                                  http://stason.org/ mod_perl Guide ---> http://perl.apache.org
                                                  mailto:stas@... http://use.perl.org http://apacheweek.com
                                                  http://modperlbook.org http://apache.org http://ticketmaster.com


                                                  --
                                                  Reporting bugs: http://perl.apache.org/bugs/
                                                  Mail list info: http://perl.apache.org/maillist/modperl.html
                                                • Leo Lapworth
                                                  ... The uploaded file Apache-AuthCookieNTLM-0.05.tar.gz has entered CPAN as file: $CPAN/authors/id/L/LL/LLAP/Apache-AuthCookieNTLM-0.05.tar.gz size: 4590 bytes
                                                  Message 24 of 27 , Nov 10, 2003
                                                  • 0 Attachment
                                                    > On Fri, Nov 07, 2003 at 06:11:48PM +0100, Stefano Ciancio wrote:
                                                    > > First of all a question. The AuthenNTLM module setted an env variable
                                                    > > REMOTE_USER to domain\\username value.

                                                    The uploaded file

                                                    Apache-AuthCookieNTLM-0.05.tar.gz

                                                    has entered CPAN as

                                                    file: $CPAN/authors/id/L/LL/LLAP/Apache-AuthCookieNTLM-0.05.tar.gz
                                                    size: 4590 bytes
                                                    md5: e902cc73ff25c384fd3e8e1b11d96702

                                                    Available NOW from:

                                                    http://leo.cuckoo.org/projects/

                                                    This version now defaults to setting the REMOTE_USER value as
                                                    userdomain\\username this will be the case as long as
                                                    'username' and 'userdomain' are set in choose_cookie_values().

                                                    Enjoy.

                                                    Leo

                                                    --
                                                    Reporting bugs: http://perl.apache.org/bugs/
                                                    Mail list info: http://perl.apache.org/maillist/modperl.html
                                                  Your message has been successfully submitted and would be delivered to recipients shortly.