Posted to modperl@perl.apache.org by Shannon Eric Peevey <sp...@unt.edu> on 2003/10/30 18:19:05 UTC
[Fwd: AuthenNTLM and slow web server]
-------- Original Message --------
Subject: AuthenNTLM and slow web server
Date: Thu, 30 Oct 2003 17:59:49 +0100
From: Stefano Ciancio <s....@pisa.iol.it>
Organization: Italia On Line
To: speeves@unt.edu
Hi,
I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3, but I am
having some problems with it.
I see some time_wait sessions to the windows pdc and many errors in apache's
error.log.
Moreover this also seems to cause the web server to go _very_ slow.
My httpd.conf configuration is standard:
<Location />
    PerlAuthenHandler Apache::AuthenNTLM
    AuthType ntlm,basic
    AuthName test
    require valid-user
    PerlAddVar ntdomain "name_domain1 name_of_pdc1"
    PerlAddVar ntdomain "other_domain pdc_for_domain bdc_for_domain"
    PerlSetVar defaultdomain wingr1
    PerlSetVar ntlmdebug 0
</Location>
with KeepAlive set to On.
Do you have any idea why this is happening?
Thanks,
Stefano
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Enrico Sorcinelli wrote:
>On Tue, 04 Nov 2003 09:13:34 -0600
>Shannon Eric Peevey <sp...@unt.edu> wrote:
>
>
>
>
>>BTW, I don't see the module asking for authorization for every object,
>>only when the client asks for something in a new directory. (It's a
>>little hard to tell from the debug log if the calls to the samba server
>>are made for every object, I need a little more time to follow its logic
>>through. But, on the client side, I am not seeing the 401 returned for
>>every object.)
>>
>>
>
>How about improving the module by adding some caching mechanism for
>authenticated users?
>Moreover it could be nice to control it with PerlSetVar directives
>(ttl and so on)
>
>by
>
> - Enrico
>
>
Hi!
I think that is probably a great idea. I don't have time to add it in
now, but if you send me a patch, I will be happy to add it into the next
release.
thanks,
speeves
cws
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Shannon Eric Peevey wrote:
> Enrico Sorcinelli wrote:
>
>> On Tue, 04 Nov 2003 09:13:34 -0600
>> Shannon Eric Peevey <sp...@unt.edu> wrote:
>>
>>
>>
>>
>>> BTW, I don't see the module asking for authorization for every
>>> object, only when the client asks for something in a new directory.
>>> (It's a little hard to tell from the debug log if the calls to the
>>> samba server are made for every object, I need a little more time to
>>> follow its logic through. But, on the client side, I am not seeing
>>> the 401 returned for every object.)
>>>
>>
>>
>> How about improving the module by adding some caching mechanism for
>> authenticated users?
>> Moreover it could be nice to control it with PerlSetVar directives
>> (ttl and so on)
>>
>> by
>>
>> - Enrico
>>
>>
>>
> BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an
> example on how to only call AuthenNTLM if a precondition is met...
>
> =head2 Example for overriding
>
> The following code shows a basic example for creating a module which
> overrides the map_user method and calls AuthenNTLM's handler only if a
> precondition is met. Note: The functions precondition_met and lookup_user
> do the real work and are not shown here.
>
>     package Apache::MyAuthenNTLM ;
>
>     use Apache::AuthenNTLM ;
>     use Apache::Constants qw(DECLINED) ;   # import DECLINED into this package
>
>     @ISA = ('Apache::AuthenNTLM') ;
>
>     # Method handler: run the NTLM handler only when the precondition holds
>     sub handler ($$)
>     {
>         my ($self, $r) = @_ ;
>
>         return Apache::AuthenNTLM::handler ($self, $r) if (precondition_met()) ;
>         return DECLINED ;
>     }
>
>     # Overrides map_user: look the NT domain/user up with lookup_user (not shown)
>     sub map_user
>     {
>         my ($self, $r) = @_ ;
>
>         return lookup_user ($self->{userdomain}, $self->{username}) ;
>     }
>
> This should work for now, and I will bang around and see how much work
> it will take to add in a caching feature directly into the module.
> Seems that it would be useful for a lot of people, right?
>
> speeves
> cws
>
>
OK, final questions for the day...
1. Apache-AuthenNTLM already caches the connections to the samba
server. I am assuming that we are having a problem with queries passing
through this connection, and not a "too many connections" problem on the
samba server end, right?
(NOTE: (Mathias) Apache-AuthenSMB does not cache the connections, so
what are we seeing with it exactly? )
2. Do we really need to handle caching within this module? Might it
not be handled by one of the Caching modules that Michael Parker
mentioned in an earlier email?
(http://marc.theaimsgroup.com/?l=apache-modperl&m=106780304521226&w=2)
3. If we do add caching into the Apache-AuthenNTLM mod, where do we
cache the yes/no variable, and when do we destroy it?
thanks for your input,
speeves
cws
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Enrico Sorcinelli wrote:
>On Tue, 04 Nov 2003 09:13:34 -0600
>Shannon Eric Peevey <sp...@unt.edu> wrote:
>
>
>
>
>>BTW, I don't see the module asking for authorization for every object,
>>only when the client asks for something in a new directory. (It's a
>>little hard to tell from the debug log if the calls to the samba server
>>are made for every object, I need a little more time to follow its logic
>>through. But, on the client side, I am not seeing the 401 returned for
>>every object.)
>>
>>
>
>How about improving the module by adding some caching mechanism for
>authenticated users?
>Moreover it could be nice to control it with PerlSetVar directives
>(ttl and so on)
>
>by
>
> - Enrico
>
>
>
BTW, has anyone read the documentation in AuthenNTLM.pm? Here is an
example on how to only call AuthenNTLM if a precondition is met...
=head2 Example for overriding

The following code shows a basic example for creating a module which
overrides the map_user method and calls AuthenNTLM's handler only if a
precondition is met. Note: The functions precondition_met and lookup_user
do the real work and are not shown here.

    package Apache::MyAuthenNTLM ;

    use Apache::AuthenNTLM ;
    use Apache::Constants qw(DECLINED) ;   # import DECLINED into this package

    @ISA = ('Apache::AuthenNTLM') ;

    # Method handler: run the NTLM handler only when the precondition holds
    sub handler ($$)
    {
        my ($self, $r) = @_ ;

        return Apache::AuthenNTLM::handler ($self, $r) if (precondition_met()) ;
        return DECLINED ;
    }

    # Overrides map_user: look the NT domain/user up with lookup_user (not shown)
    sub map_user
    {
        my ($self, $r) = @_ ;

        return lookup_user ($self->{userdomain}, $self->{username}) ;
    }

This should work for now, and I will bang around and see how much work
it will take to add in a caching feature directly into the module.
Seems that it would be useful for a lot of people, right?
speeves
cws
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Enrico Sorcinelli <e....@pisa.iol.it>.
On Tue, 04 Nov 2003 09:13:34 -0600
Shannon Eric Peevey <sp...@unt.edu> wrote:
> BTW, I don't see the module asking for authorization for every object,
> only when the client asks for something in a new directory. (It's a
> little hard to tell from the debug log if the calls to the samba server
> are made for every object, I need a little more time to follow its logic
> through. But, on the client side, I am not seeing the 401 returned for
> every object.)
How about improving the module by adding some caching mechanism for
authenticated users?
Moreover it could be nice to control it with PerlSetVar directives
(ttl and so on)
by
- Enrico
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Stefano Ciancio wrote:
>On Mon, 03 Nov 2003 15:39:14 -0600
>Shannon Eric Peevey <sp...@unt.edu> wrote:
>
>
>
>>Stefano Ciancio wrote:
>>
>>
>>
>>>Hi Shannon Eric,
>>>
>>>I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
>>>
>>>It seems that the error is:
>>>
>>>[9100] AuthenNTLM: Authorization Header <not given>
>>>
>>>I don't know what it means ...
>>>
>>>Can you help me?
>>>
>>> Stefano
>>>
>>>
>>>
>>>
>>>
>>>
>>Hi!
>>
>>I'm sorry, but I have become foggy on the problem here... Are you
>>talking about problems logging in, or web server performance?
>>
>>[9100] AuthenNTLM: Authorization Header <not given>
>>
>>This is telling us that the browser is not including an "Authorization"
>>header, which is normal on the initial request from the browser. (The server
>>throws a 401 Authorization Required, which tells the browser that it needs to
>>include an Authorization header.)
>>
>>There is no error here.
>>
>>speeves
>>cws
>>
>>
>>
>
>Yes, you are right!! My problem is about web server performance and I thought
>that it depended on some error in the module.
>
>
> Stefano
>
>
I don't think that you are getting any errors in what I see (on your
end). So I guess my question still stands, is anyone else seeing slow
performance in a production site with this module?
BTW, I don't see the module asking for authorization for every object,
only when the client asks for something in a new directory. (It's a
little hard to tell from the debug log if the calls to the samba server
are made for every object, I need a little more time to follow its logic
through. But, on the client side, I am not seeing the 401 returned for
every object.)
thanks,
speeves
cws
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Stefano Ciancio <s....@pisa.iol.it>.
On Mon, 03 Nov 2003 15:39:14 -0600
Shannon Eric Peevey <sp...@unt.edu> wrote:
> Stefano Ciancio wrote:
>
> >Hi Shannon Eric,
> >
> >I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
> >
> >It seems that the error is:
> >
> >[9100] AuthenNTLM: Authorization Header <not given>
> >
> >I don't know what it means ...
> >
> >Can you help me?
> >
> > Stefano
> >
> >
> >
> >
> Hi!
>
> I'm sorry, but I have become foggy on the problem here... Are you
> talking about problems logging in, or web server performance?
>
> [9100] AuthenNTLM: Authorization Header <not given>
>
> This is telling us that the browser is not including an "Authorization"
> header, which is normal on the initial request from the browser. (The server
> throws a 401 Authorization Required, which tells the browser that it needs to
> include an Authorization header.)
>
> There is no error here.
>
> speeves
> cws
>
Yes, you are right!! My problem is about web server performance and I thought
that it depended on some error in the module.
Stefano
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Stefano Ciancio wrote:
>Hi Shannon Eric,
>
>I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
>
>It seems that the error is:
>
>[9100] AuthenNTLM: Authorization Header <not given>
>
>I don't know what it means ...
>
>Can you help me?
>
> Stefano
>
>
>
>
Hi!
I'm sorry, but I have become foggy on the problem here... Are you
talking about problems logging in, or web server performance?
[9100] AuthenNTLM: Authorization Header <not given>
This is telling us that the browser is not including an "Authorization" header, which is normal on the initial request from the browser. (The server throws a 401 Authorization Required, which tells the browser that it needs to include an Authorization header.)
There is no error here.
speeves
cws
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Stefano Ciancio <s....@pisa.iol.it>.
Hi Shannon Eric,
I have set "ntlmdebug" = 2 and produced an error.log that I have attached.
It seems that the error is:
[9100] AuthenNTLM: Authorization Header <not given>
I don't know what it means ...
Can you help me?
Stefano
On Fri, 31 Oct 2003 08:41:39 -0600
Shannon Eric Peevey <sp...@unt.edu> wrote:
> Shannon Eric Peevey wrote:
>
> >
> >
> > -------- Original Message --------
> > Subject: AuthenNTLM and slow web server
> > Date: Thu, 30 Oct 2003 17:59:49 +0100
> > From: Stefano Ciancio <s....@pisa.iol.it>
> > Organization: Italia On Line
> > To: speeves@unt.edu
> >
> >
> >
> > Hi,
> >
> > I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3,
> > but I am having some problems with it.
> >
> > I see some time_wait sessions to the windows pdc and many errors in apache's
> > error.log.
> > Moreover this also seems to cause the web server to go _very_ slow.
> >
> > My httpd.conf configuration is standard:
> > <Location />
> >     PerlAuthenHandler Apache::AuthenNTLM
> >     AuthType ntlm,basic
> >     AuthName test
> >     require valid-user
> >
> >     PerlAddVar ntdomain "name_domain1 name_of_pdc1"
> >     PerlAddVar ntdomain "other_domain pdc_for_domain bdc_for_domain"
> >
> >     PerlSetVar defaultdomain wingr1
> >     PerlSetVar ntlmdebug 0
> > </Location>
> >
> > with KeepAlive set to On.
> >
> > Do you have any idea why this is happening?
> >
> > Thanks,
> > Stefano
> >
> Hi!
>
> Can you set "ntlmdebug" = 2 and send me the sections of the error_log
> that you are talking about?
>
> thanks,
> speeves
> cws
>
> BTW, did you have this working correctly with any other version
> Apache-AuthenNTLM?
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Michael Parker <pa...@pobox.com>.
On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
>
> Hi,
>
> I have had a better look at the log and the error in apache's error.log was
> about some gif that the web server did not find.
> But the big problem with this module is that it seems to require an
> authentication from the pdc/bdc for each object. This behaviour causes the
> web server to go _very_ slow. The user must wait tens of seconds to load a
> single web page.
>
> I want to use this module to obtain single sign-on in the Intranet of my
> company, which has thousands of users in some trusted NT pdc/bdc.
> Do you think that this module could work fine? Does some other mechanism
> exist to obtain single sign-on with ntlm?
>
It's fairly easy to knock a PDC/BDC over if you throw enough
authentication requests at it. The key is to do everything possible
to limit the number of authentication requests it has to make.
Someone mentioned using cookies, which is one way. There have been
several discussed over the years on this list. You should check the
archives to give you some ideas on how to solve the problem. I found
the most success using one of the authentication caching modules.
Michael
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Stefano Ciancio wrote:
>Hi,
>
>I have had a better look at the log and the error in apache's error.log was
>about some gif that the web server did not find.
>But the big problem with this module is that it seems to require an
>authentication from the pdc/bdc for each object. This behaviour causes the
>web server to go _very_ slow. The user must wait tens of seconds to load a
>single web page.
>
Unfortunately, I don't use this module in a production environment, so
cannot comment here. Is anyone else seeing this in a live environment?
>
>I want to use this module to obtain single sign-on in the Intranet of my
>company, which has thousands of users in some trusted NT pdc/bdc.
>Do you think that this module could work fine?
>
I don't really think that this module was created with this purpose in
mind.
>Does some other mechanism exist to
>obtain single sign-on with ntlm?
>
>
Check out my message to Mr. Lapworth at:
http://marc.theaimsgroup.com/?l=apache-modperl&m=106788287330640&w=2
If he doesn't have the time to create this module, maybe one of you
will? If not, I can put it on my to-do list, and could probably have
something by late January...
speeves
cws
Re: Problem with Apache::Test
Posted by Stas Bekman <st...@stason.org>.
Geoffrey Young wrote:
>
>
> John Day wrote:
>
>> I have been trying to install Apache::Test which is a pre-requisite
>> for something else. But I get this message:
>>
>> *** result: NOK
>> !!! You are running the test suite under user 'root'.
>> Apache cannot spawn child processes as 'root', therefore
>> we attempt to run the test suite with user 'nobody' (99:99).
>> The problem is that the path:
>> /root/.cpan/build/Apache-Test-1.05/t
>> must be 'rwx' by user 'nobody', so Apache can read and write under that
>> path.
>>
>> Yet the directory is chmod=777 for nobody.
>>
>> Anybody got any clues where I go from here?
>
>
> well, first try installing as somebody other than root, perhaps not
> using the CPAN.pm shell. try just grabbing the tarball from
>
> http://search.cpan.org/CPAN/authors/id/G/GE/GEOFF/Apache-Test-1.05.tar.gz
>
> unzip to your personal (non-root) home directory or something and then just
>
> $ perl Makefile.PL
> $ make && make test
> $ su
> # make install
Or change your /root/.cpan to be /tmp/cpan or be under some other dir which is
accessible (rwx) under 'nobody' or your normal username.
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
Re: Problem with Apache::Test
Posted by Geoffrey Young <ge...@modperlcookbook.org>.
John Day wrote:
> I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message:
>
> *** result: NOK
> !!! You are running the test suite under user 'root'.
> Apache cannot spawn child processes as 'root', therefore
> we attempt to run the test suite with user 'nobody' (99:99).
> The problem is that the path:
> /root/.cpan/build/Apache-Test-1.05/t
> must be 'rwx' by user 'nobody', so Apache can read and write under that
> path.
>
> Yet the directory is chmod=777 for nobody.
>
> Anybody got any clues where I go from here?
well, first try installing as somebody other than root, perhaps not using
the CPAN.pm shell. try just grabbing the tarball from
http://search.cpan.org/CPAN/authors/id/G/GE/GEOFF/Apache-Test-1.05.tar.gz
unzip to your personal (non-root) home directory or something and then just
$ perl Makefile.PL
$ make && make test
$ su
# make install
HTH
--Geoff
Problem with Apache::Test
Posted by John Day <jo...@wordsnimages.com>.
I have been trying to install Apache::Test which is a pre-requisite for something else. But I get this message:
*** result: NOK
!!! You are running the test suite under user 'root'.
Apache cannot spawn child processes as 'root', therefore
we attempt to run the test suite with user 'nobody' (99:99).
The problem is that the path:
/root/.cpan/build/Apache-Test-1.05/t
must be 'rwx' by user 'nobody', so Apache can read and write under that
path.
Yet the directory is chmod=777 for nobody.
Anybody got any clues where I go from here?
John
[ANNOUNCE] Apache::AuthCookieNTLM 0.05
Posted by Leo Lapworth <le...@cuckoo.org>.
> On Fri, Nov 07, 2003 at 06:11:48PM +0100, Stefano Ciancio wrote:
> > First of all a question. The AuthenNTLM module set an env variable
> > REMOTE_USER to the domain\\username value.
The uploaded file
Apache-AuthCookieNTLM-0.05.tar.gz
has entered CPAN as
file: $CPAN/authors/id/L/LL/LLAP/Apache-AuthCookieNTLM-0.05.tar.gz
size: 4590 bytes
md5: e902cc73ff25c384fd3e8e1b11d96702
Available NOW from:
http://leo.cuckoo.org/projects/
This version now defaults to setting the REMOTE_USER value as
userdomain\\username; this will be the case as long as
'username' and 'userdomain' are set in choose_cookie_values().
Enjoy.
Leo
Re: [ANNOUNCE] Apache::AuthCookieNTLM 0.04
Posted by Leo Lapworth <le...@cuckoo.org>.
Hi Stefano,
On Fri, Nov 07, 2003 at 06:11:48PM +0100, Stefano Ciancio wrote:
> I have downloaded your module and am testing it.
>
> First of all a question. The AuthenNTLM module set an env variable
> REMOTE_USER to the domain\\username value.
> Does the new module set this variable?
Ahh, this wasn't something I was checking for - I'll have a look
at how / if it can be implemented next week (don't have a windowz
machine at home to test it all on).
Patch welcome if you figure it out before then.
Cheers
Leo
Re: [ANNOUNCE] Apache::AuthCookieNTLM 0.04
Posted by Stefano Ciancio <s....@pisa.iol.it>.
Hi Leo,
I have downloaded your module and am testing it.
First of all a question. The AuthenNTLM module set an env variable
REMOTE_USER to the domain\\username value.
Does the new module set this variable?
Thanks,
Stefano
On Fri, 7 Nov 2003 14:01:13 +0000
Leo Lapworth <le...@cuckoo.org> wrote:
> I've just uploaded Apache::AuthCookieNTLM 0.04 to
> CPAN, it's available from http://leo.cuckoo.org/projects/
> if you can't wait for it to be processed.
>
> I'll consider it finished (ie. working) unless
> I hear from anyone :)
>
> Cheers
>
> Leo
Re: [ANNOUNCE] Apache::AuthCookieNTLM 0.04
Posted by Shannon Eric Peevey <sp...@unt.edu>.
>Fraid I haven't a clue, not used mod_perl2 yet, it requires
>Apache::Request and Apache::Cookie, can't remember if they are
>available yet.
>
>Leo
>
>
Actually, I am looking into it now. (I know that your module as it
stands only works with mp1). But, I am going to download the libapreq 2
release and see how it plays with your module. (It is still in beta,
and I don't know how far they are in the process of porting to mp2, so
you might be nervous about using it... OTOH, if you are using mp2, who
cares right?! Cause it's still in beta too ;) ) BTW, any and all
installs of the new libapreq2 will be helping in the dev process, so it
would be great if we all mess with it, and give them a heads-up on bugs
and stuff :)
thanks,
speeves
cws
BTW, can you include the list in your replies? thanks :)
[ANNOUNCE] Apache::AuthCookieNTLM 0.04
Posted by Leo Lapworth <le...@cuckoo.org>.
I've just uploaded Apache::AuthCookieNTLM 0.04 to
CPAN, it's available from http://leo.cuckoo.org/projects/
if you can't wait for it to be processed.
I'll consider it finished (ie. working) unless
I hear from anyone :)
Cheers
Leo
Re: Apache::AuthCookieNTLM
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Leo Lapworth wrote:
>Hi All,
>
>The first version is available at:
>
>http://leo.cuckoo.org/projects/AuthCookieNTLM/
>
>I'll tidy up the docs and add a bit more functionality tomorrow,
>debugging for example! - before uploading to CPAN.
>
>We decided against using Apache::AuthCookie in the end,
>it just seemed overkill.
>
>By default the user's login and a test value are set in the
>cookie, there is the choose_cookie_values() so you can
>inherit Apache::AuthCookieNTLM and override this and
>therefore add any additional information you want to the
>cookie at this stage. For example we want to lookup
>people's email addresses and other info we have in a
>DB to personalise other pages on the intranet.
>
>Feedback welcome.
>
>Cheers
>
>Leo
>
>
Bravo!! Way to get on the ball :) I will see if I get a chance to
check it out tomorrow.
thanks,
speeves
cws
Apache::AuthCookieNTLM
Posted by Leo Lapworth <le...@cuckoo.org>.
Hi All,
The first version is available at:
http://leo.cuckoo.org/projects/AuthCookieNTLM/
I'll tidy up the docs and add a bit more functionality tomorrow,
debugging for example! - before uploading to CPAN.
We decided against using Apache::AuthCookie in the end,
it just seemed overkill.
By default the user's login and a test value are set in the
cookie, there is the choose_cookie_values() so you can
inherit Apache::AuthCookieNTLM and override this and
therefore add any additional information you want to the
cookie at this stage. For example we want to lookup
people's email addresses and other info we have in a
DB to personalise other pages on the intranet.
Feedback welcome.
Cheers
Leo
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Leo Lapworth wrote:
>On Mon, Nov 03, 2003 at 11:55:28AM -0600, Shannon Eric Peevey wrote:
>
>
>>Are you creating something along the lines of a:
>>
>>Apache-AuthCookieNTML ?
>>
>>It seems that a lot of these questions would be resolved by a module
>>that would check for a cookie first, and then throw the auth box when
>>the user hasn't been authenticated.
>>
>>
>
>This is the general plan - we've just got Apache::AuthNTML working
>properly, so going to work on Apache::AuthCookieNTML this week,
>I'll report back when we've got something up and running.
>
>Cheers
>
>Leo
>
>
Great!! Keep us posted, and don't forget to request a PAUSE account on
CPAN so that you can upload your module there :)
speeves
cws
PS Sorry bout the typo in the previous message :P It's really
Apache-AuthCookieNTLM...
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Leo Lapworth <le...@cuckoo.org>.
On Mon, Nov 03, 2003 at 11:55:28AM -0600, Shannon Eric Peevey wrote:
> Are you creating something along the lines of a:
>
> Apache-AuthCookieNTML ?
>
> It seems that a lot of these questions would be resolved by a module
> that would check for a cookie first, and then throw the auth box when
> the user hasn't been authenticated.
This is the general plan - we've just got Apache::AuthNTML working
properly, so going to work on Apache::AuthCookieNTML this week,
I'll report back when we've got something up and running.
Cheers
Leo
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Leo Lapworth wrote:
>On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
>
>
>>But the big problem with this module is that it seems to require an
>>authentication from the pdc/bdc for each object. This behaviour causes the
>>web server to go _very_ slow. The user must wait tens of seconds to load a
>>single web page.
>>
>>
>
>We are working on something similar at the moment, we are planning
>on creating a wrapper module which checks for a cookie, if that is
>not set then it uses AuthenNTML and sets the cookie (just for
>the browser session), but if it is set we know that the user
>has been authenticated and therefore only have to check authentication
>once per user per session.
>
>Once we get it working I'll post it on the net somewhere and
>a message here.
>
>Leo
>
>
Are you creating something along the lines of a:
Apache-AuthCookieNTML ?
It seems that a lot of these questions would be resolved by a module
that would check for a cookie first, and then throw the auth box when
the user hasn't been authenticated. Then you could just continue to
check for a cookie, instead of querying the samba server for every
image, etc. on the page.
Could I recommend writing this module, (instead of a work-around piece
of code)? I think that an Apache-AuthCookieNTLM would benefit a lot of
people.
If no one is up to it, let me know and I will start working on one when
I have the time.
thanks,
speeves
cws
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Leo Lapworth <le...@cuckoo.org>.
On Fri, Oct 31, 2003 at 08:08:02PM +0100, Stefano Ciancio wrote:
> But the big problem with this module is that it seems to require an
> authentication from the pdc/bdc for each object. This behaviour causes the
> web server to go _very_ slow. The user must wait tens of seconds to load a
> single web page.
We are working on something similar at the moment, we are planning
on creating a wrapper module which checks for a cookie, if that is
not set then it uses AuthenNTML and sets the cookie (just for
the browser session), but if it is set we know that the user
has been authenticated and therefore only have to check authentication
once per user per session.
Once we get it working I'll post it on the net somewhere and
a message here.
Leo
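The cookie check described in the message above, which is also one answer to the earlier question in this thread of where to keep the yes/no result and when to destroy it, written as a stand-alone Perl script. This is an added example, not code from Apache::AuthCookieNTLM or Apache::AuthenNTLM; the function names, the key, the 600-second lifetime, the clock value and the sample users are assumptions. The cookie carries an HMAC and an expiry so that a client cannot mint its own "already authenticated" value.

```perl
#!/usr/bin/perl
# Added example. issue_ticket, verify_ticket, handle_request, $SECRET and $TTL
# are hypothetical names; none of this is Apache::AuthenNTLM or
# Apache::AuthCookieNTLM code.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET = 'constructed-demo-key';   # assumption: known only to the server
my $TTL    = 600;                      # assumption: ticket lifetime in seconds

# Cookie value is "hex(user)|expiry|mac". Hex-encoding keeps a
# domain\username value from ever containing the '|' separator.
sub issue_ticket {
    my ($user, $now) = @_;
    my $body = join '|', unpack('H*', $user), $now + $TTL;
    return $body . '|' . hmac_sha256_hex($body, $SECRET);
}

# String comparison that does not stop at the first differing byte.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the user name for an authentic, unexpired ticket, otherwise undef.
sub verify_ticket {
    my ($ticket, $now) = @_;
    return unless defined $ticket;
    my @f = split /\|/, $ticket, -1;
    return unless @f == 3;
    my ($hexuser, $expiry, $mac) = @f;
    return unless $hexuser =~ /\A(?:[0-9a-f]{2})+\z/ && $expiry =~ /\A[0-9]+\z/;
    return unless ct_eq($mac, hmac_sha256_hex("$hexuser|$expiry", $SECRET));
    return if $now >= $expiry;             # aged out: fall back to NTLM again
    return pack('H*', $hexuser);
}

# Stand-in for the NTLM handshake against the PDC/BDC; counts round trips.
my $pdc_calls = 0;
sub pdc_authenticate { $pdc_calls++; return 'WINGR1\\stefano' }   # constructed user

# One request: trust a valid ticket, otherwise authenticate and issue one.
sub handle_request {
    my ($cookie, $now) = @_;
    my $user = verify_ticket($cookie, $now);
    return ($user, $cookie) if defined $user;
    $user = pdc_authenticate();
    return ($user, issue_ticket($user, $now));
}

my $t0 = 1_067_000_000;                    # constructed clock value
my ($user, $cookie);
($user, $cookie) = handle_request($cookie, $t0 + $_) for 1 .. 20;
print "20 objects for $user, PDC round trips: $pdc_calls\n";

# A cookie that merely claims a user, without a valid MAC, is refused.
my $forged = join '|', unpack('H*', 'WINGR1\\administrator'), $t0 + 9999, '0' x 64;
my $forged_user = verify_ticket($forged, $t0);
print 'forged ticket: ', (defined $forged_user ? 'accepted' : 'rejected'), "\n";

# After the TTL the ticket is dead and the PDC is consulted once more.
handle_request($cookie, $t0 + 1 + $TTL);
print "after expiry, PDC round trips: $pdc_calls\n";
```

In a real handler the ticket would travel in a cookie scoped to the protected location, and the key would be loaded from configuration rather than written in the source.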
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Stefano Ciancio <s....@pisa.iol.it>.
Hi,
I have had a better look at the log and the error in apache's error.log was
about some gif that the web server did not find.
But the big problem with this module is that it seems to require an
authentication from the pdc/bdc for each object. This behaviour causes the
web server to go _very_ slow. The user must wait tens of seconds to load a
single web page.
I want to use this module to obtain single sign-on in the Intranet of my
company, which has thousands of users in some trusted NT pdc/bdc.
Do you think that this module could work fine? Does some other mechanism
exist to obtain single sign-on with ntlm?
Thanks
Stefano
P.S. this is the first version of AuthenNTLM that I have tried.
On Fri, 31 Oct 2003 08:41:39 -0600
Shannon Eric Peevey <sp...@unt.edu> wrote:
> Shannon Eric Peevey wrote:
>
> >
> >
> > -------- Original Message --------
> > Subject: AuthenNTLM and slow web server
> > Date: Thu, 30 Oct 2003 17:59:49 +0100
> > From: Stefano Ciancio <s....@pisa.iol.it>
> > Organization: Italia On Line
> > To: speeves@unt.edu
> >
> >
> >
> > Hi,
> >
> > I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3,
> > but I am having some problems with it.
> >
> > I see some time_wait sessions to the windows pdc and many errors in apache's
> > error.log.
> > Moreover this also seems to cause the web server to go _very_ slow.
> >
> > My httpd.conf configuration is standard:
> > <Location />
> >     PerlAuthenHandler Apache::AuthenNTLM
> >     AuthType ntlm,basic
> >     AuthName test
> >     require valid-user
> >
> >     PerlAddVar ntdomain "name_domain1 name_of_pdc1"
> >     PerlAddVar ntdomain "other_domain pdc_for_domain bdc_for_domain"
> >
> >     PerlSetVar defaultdomain wingr1
> >     PerlSetVar ntlmdebug 0
> > </Location>
> >
> > with KeepAlive set to On.
> >
> > Do you have any idea why this is happening?
> >
> > Thanks,
> > Stefano
> >
> Hi!
>
> Can you set "ntlmdebug" = 2 and send me the sections of the error_log
> that you are talking about?
>
> thanks,
> speeves
> cws
>
> BTW, did you have this working correctly with any other version
> Apache-AuthenNTLM?
>
Re: [Fwd: AuthenNTLM and slow web server]
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Shannon Eric Peevey wrote:
>
>
> -------- Original Message --------
> Subject: AuthenNTLM and slow web server
> Date: Thu, 30 Oct 2003 17:59:49 +0100
> From: Stefano Ciancio <s....@pisa.iol.it>
> Organization: Italia On Line
> To: speeves@unt.edu
>
>
>
> Hi,
>
> I am using the apache module Apache-AuthenNTLM-2.04 with apache 1.3,
> but I am having some problems with it.
>
> I see some time_wait sessions to the windows pdc and many errors in apache's
> error.log.
> Moreover this also seems to cause the web server to go _very_ slow.
>
> My httpd.conf configuration is standard:
> <Location />
>     PerlAuthenHandler Apache::AuthenNTLM
>     AuthType ntlm,basic
>     AuthName test
>     require valid-user
>
>     PerlAddVar ntdomain "name_domain1 name_of_pdc1"
>     PerlAddVar ntdomain "other_domain pdc_for_domain bdc_for_domain"
>
>     PerlSetVar defaultdomain wingr1
>     PerlSetVar ntlmdebug 0
> </Location>
>
> with KeepAlive set to On.
>
> Do you have any idea why this is happening?
>
> Thanks,
> Stefano
>
Hi!
Can you set "ntlmdebug" = 2 and send me the sections of the error_log
that you are talking about?
thanks,
speeves
cws
BTW, did you have this working correctly with any other version
Apache-AuthenNTLM?