Posted to docs@httpd.apache.org by Patrik Grip-Jansson <pa...@gnulix.org> on 2001/01/28 12:58:27 UTC
Authentication HOWTO
Some time ago I volunteered to fix up Bowen's authentication articles into
a howto. However work reared its ugly head and I haven't had the time
until today. I'm more or less done, but I'd like some more input on a
couple of things from the articles.
In one of the examples Rich has a; AuthGroupFile /dev/null. Is this
really good practice?
In a couple of places Rich talks about how mod_auth sometimes doesn't
authenticate if the user list file is too big. Does anyone know why this
happens? I assume that something times out while waiting for a reply from
the module. It would be nice to include an explanation as to why this
happens.
I think that's all for now. I'll upload the howto into the CVS as soon as
possible...
--
.---------------------.
| Patrik Grip-Jansson |
| Ringen 4B |
| 78444 Borlänge .--'-----------------------------------.
| Sweden | All views and opinions are my own, |
`------------------| PH:+46(0)24382823 PW:+46(0)707354360 |
`--------------------------------------'
Re: Authentication HOWTO
Posted by jo...@slive.ca.
On Sun, 28 Jan 2001, Patrik Grip-Jansson wrote:
> On Sun, 28 Jan 2001, Rich Bowen wrote:
>
> > Patrik Grip-Jansson wrote:
> > > In one of the examples Rich has a; AuthGroupFile /dev/null. Is this
> > > really good practice?
> > I don't remember where I got that from, but it does work. If you have
> > users, but no groups, you don't have to create a group file.
>
> Yes, it does work. However, if you set it to /dev/null, the module will
> open that "file" and try to read the groups from it. If you don't supply
> any filename, the group filename will be a NULL pointer and all group
> checks will be skipped. Which ought to be a bit faster.
>
I think you are correct there. I haven't tested or checked the code,
but I seem to remember that the "optimal" configuration is just to leave
out the AuthGroupFile line entirely if you don't use group files.
Regarding the "file too large" issue, I would just replace that with a
recommendation that mod_auth_dbm (or other db backed module) be used for
large databases for speed reasons.
Joshua.
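
The two recommendations in this reply, written out as an added configuration example (not part of the original thread or of the HOWTO). The directory paths, file locations and realm name are constructed placeholders, and the three blocks are alternatives for comparison.

```apache
# Constructed example: all paths and the realm name are placeholders.
# Keep password files outside the DocumentRoot so they cannot be
# fetched over HTTP.

# (1) The form questioned in the thread: no groups are used, but a
#     group file is still configured and points at /dev/null.
#     As described in the thread, mod_auth then opens and reads that
#     "file" when it performs its group checks.
<Directory "/usr/local/apache/htdocs/private-a">
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /usr/local/apache/passwd/passwords
    AuthGroupFile /dev/null
    Require valid-user
</Directory>

# (2) The form suggested in the thread: leave AuthGroupFile out
#     entirely when only users (no groups) are checked.
<Directory "/usr/local/apache/htdocs/private-b">
    AuthType Basic
    AuthName "Restricted Area"
    AuthUserFile /usr/local/apache/passwd/passwords
    Require valid-user
</Directory>

# (3) Large user lists: a DBM-backed user file via mod_auth_dbm in
#     place of the flat text file. Requires mod_auth_dbm to be
#     compiled in or loaded; the DBM file is created with a tool such
#     as dbmmanage rather than htpasswd.
<Directory "/usr/local/apache/htdocs/private-c">
    AuthType Basic
    AuthName "Restricted Area"
    AuthDBMUserFile /usr/local/apache/passwd/passwords-dbm
    Require valid-user
</Directory>
```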
Re: Authentication HOWTO
Posted by Patrik Grip-Jansson <pa...@gnulix.org>.
On Sun, 28 Jan 2001, Rich Bowen wrote:
> Patrik Grip-Jansson wrote:
> > In one of the examples Rich has a; AuthGroupFile /dev/null. Is this
> > really good practice?
> I don't remember where I got that from, but it does work. If you have
> users, but no groups, you don't have to create a group file.
Yes, it does work. However, if you set it to /dev/null, the module will
open that "file" and try to read the groups from it. If you don't supply
any filename, the group filename will be a NULL pointer and all group
checks will be skipped. Which ought to be a bit faster.
> > In a couple of places Rich talks about how mod_auth sometimes doesn't
> > authenticate if the user list file is too big. Does anyone know why this
> This one really deserves a little more research. I had this problem a
> while back, and rather than actually solving the problem, I switched to
> mod_auth_mysql to get around the problem. I think it would be a good
> idea to try to track down why this happens, and possibly get it fixed if
> it is deemed a bug. I found that the actual size of the list at which
> things started crapping out was different for different machines, but I
> never really investigated much farther than that.
Since it differs from machine to machine it ought to be a time out of some
sort. I did a quick search through the mod_auth source and didn't find any
timers in that code (not that I was all that thorough...) But I guess
something else could cause a time out, perhaps the TimeOut directive is
involved somehow? Unfortunately the inner workings of Apache's modules
are not my forte...
--
.---------------------.
| Patrik Grip-Jansson |
| Ringen 4B |
| 78444 Borlänge .--'-----------------------------------.
| Sweden | All views and opinions are my own, |
`------------------| PH:+46(0)24382823 PW:+46(0)707354360 |
`--------------------------------------'
Re: Authentication HOWTO
Posted by Rich Bowen <rb...@rcbowen.com>.
Patrik Grip-Jansson wrote:
>
> Some time ago I volunteered to fix up Bowen's authentication articles into
> a howto. However work reared its ugly head and I haven't had the time
> until today. I'm more or less done, but I'd like some more input on a
> couple of things from the articles.
>
> In one of the examples Rich has a; AuthGroupFile /dev/null. Is this
> really good practice?
I don't remember where I got that from, but it does work. If you have
users, but no groups, you don't have to create a group file.
> In a couple of places Rich talks about how mod_auth sometimes doesn't
> authenticate if the user list file is too big. Does anyone know why this
> happens? I assume that something times out while waiting for a reply from
> the module. It would be nice to include an explanation as to why this
> happens.
This one really deserves a little more research. I had this problem a
while back, and rather than actually solving the problem, I switched to
mod_auth_mysql to get around the problem. I think it would be a good
idea to try to track down why this happens, and possibly get it fixed if
it is deemed a bug. I found that the actual size of the list at which
things started crapping out was different for different machines, but I
never really investigated much farther than that.
--
Rich Bowen -- Director of Web Application Development
http://www.cre8tivegroup.com/ -- rich@cre8tivegroup.com
Have trouble remembering things? http://www.mymissinghead.com/
Re: Authentication HOWTO
Posted by Joshua Slive <jo...@slive.ca>.
On Sun, 28 Jan 2001, Patrik Grip-Jansson wrote:
> Some time ago I volunteered to fix up Bowen's authentication articles into
> a howto.
So what ever happened to this?
(Just asking ;-)
Joshua.