You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Issac Goldstand <ma...@beamartyr.net> on 2009/11/01 10:20:04 UTC
Visiting mod_authn_cache
Paul (or anyone else interested),
Any interested in visiting mod_authn_cache over the hackathon? I
won't be there physically but have been working on the template that was
started at the mod-auth project @ sourceforge. My agenda is:
1) Add the caching and make it work :)
2) Add an optional timeout value for marking cached credentials as "stale"
I've already made a lot of progress and I think it's working, although I
think that I could have stashed the cache in a more intelligent place
that I currently do.
Let me know on or off list if you'r einterested in persuing it a bit
this week
Issac
Re: Visiting mod_authn_cache
Posted by Issac Goldstand <ma...@beamartyr.net>.
Graham Leggett wrote:
> Issac Goldstand wrote:
>
>
I actually ended up solving it with the help of socache's source. I was
having troubles with apr_time_t's and saw that socache uses plain 'ol
time_t. After switching, everything just worked. So technically, I'm
done. (I'd be happy to submit the jumbo-patch to mod-auth, not sure if
work will leave me time to start seperating it into chunks)
>> Nope, it's not what I was using. I wanted to keep it 2.2.x compatible
>> since I need this module in production, although I completely agree with
>> the point.
>>
>
> We also use socache in v2.2, and to solve that problem, I backported the
> socache modules as external modules. Not all the socache modules build
> cleanly, but the key ones we needed did.
>
Can you tell me what worked? If the shared memory cache works, I may
get some extra time at work to rewrite for socache, just so that all of
the children can use a single cache, instead of one per child.
Also, any pointers to sample code for socache would be nice. I *think*
I get how it's supposed to be used, but a concrete example would save
some time.
Issac
Re: Visiting mod_authn_cache
Posted by Issac Goldstand <ma...@beamartyr.net>.
Graham Leggett wrote:
> Issac Goldstand wrote:
>
>
I actually ended up solving it with the help of socache's source. I was
having troubles with apr_time_t's and saw that socache uses plain 'ol
time_t. After switching, everything just worked. So technically, I'm
done. (I'd be happy to submit the jumbo-patch to mod-auth, not sure if
work will leave me time to start seperating it into chunks)
>> Nope, it's not what I was using. I wanted to keep it 2.2.x compatible
>> since I need this module in production, although I completely agree with
>> the point.
>>
>
> We also use socache in v2.2, and to solve that problem, I backported the
> socache modules as external modules. Not all the socache modules build
> cleanly, but the key ones we needed did.
>
Can you tell me what worked? If the shared memory cache works, I may
get some extra time at work to rewrite for socache, just so that all of
the children can use a single cache, instead of one per child.
Also, any pointers to sample code for socache would be nice. I *think*
I get how it's supposed to be used, but a concrete example would save
some time.
Issac
Re: Visiting mod_authn_cache
Posted by Graham Leggett <mi...@sharp.fm>.
Issac Goldstand wrote:
> Nope, it's not what I was using. I wanted to keep it 2.2.x compatible
> since I need this module in production, although I completely agree with
> the point.
We also use socache in v2.2, and to solve that problem, I backported the
socache modules as external modules. Not all the socache modules build
cleanly, but the key ones we needed did.
Regards,
Graham
--
Re: Visiting mod_authn_cache
Posted by Issac Goldstand <ma...@beamartyr.net>.
Graham Leggett wrote:
> Issac Goldstand wrote:
>
>
>> I've actually gotten everything working except for the timeout thing.
>> I'm probably missing something obvious in C, but this is what I'm doing...
>>
>> I've got a timeout period set as a apr_short_interval_time_t, a
>> timestamp on each cache entry set as an apr_time_t, and I populate the
>> latter with apr_time_now() when I add the cache entry and compare if
>> (cache timestamp + the timeout < apr_time_now()) then use the cached
>> credentials, otherwise delete the old cache entry.
>>
>> The odd thing is that I *never* get the else to run. Ever.
>>
>
> (Not had time to look at any code yet, but this leaps to mind)
>
> Have you had a look at the mod_socache provider in httpd-trunk? The
> provider gives you a pluggable caching mechanism, and gives you timeout
> and max-age functionality for free.
>
> I would be strongly for reusing the existing modular socache code rather
> than inventing yet-another-cache in the tree.
>
> (Apologies if socache is what you're using already)
>
> Regards,
> Graham
> --
>
Nope, it's not what I was using. I wanted to keep it 2.2.x compatible
since I need this module in production, although I completely agree with
the point.
Issac
Re: Visiting mod_authn_cache
Posted by Issac Goldstand <ma...@beamartyr.net>.
Graham Leggett wrote:
> Issac Goldstand wrote:
>
>
>> I've actually gotten everything working except for the timeout thing.
>> I'm probably missing something obvious in C, but this is what I'm doing...
>>
>> I've got a timeout period set as a apr_short_interval_time_t, a
>> timestamp on each cache entry set as an apr_time_t, and I populate the
>> latter with apr_time_now() when I add the cache entry and compare if
>> (cache timestamp + the timeout < apr_time_now()) then use the cached
>> credentials, otherwise delete the old cache entry.
>>
>> The odd thing is that I *never* get the else to run. Ever.
>>
>
> (Not had time to look at any code yet, but this leaps to mind)
>
> Have you had a look at the mod_socache provider in httpd-trunk? The
> provider gives you a pluggable caching mechanism, and gives you timeout
> and max-age functionality for free.
>
> I would be strongly for reusing the existing modular socache code rather
> than inventing yet-another-cache in the tree.
>
> (Apologies if socache is what you're using already)
>
> Regards,
> Graham
> --
>
Nope, it's not what I was using. I wanted to keep it 2.2.x compatible
since I need this module in production, although I completely agree with
the point.
Issac
Re: Visiting mod_authn_cache
Posted by Graham Leggett <mi...@sharp.fm>.
Issac Goldstand wrote:
> I've actually gotten everything working except for the timeout thing.
> I'm probably missing something obvious in C, but this is what I'm doing...
>
> I've got a timeout period set as a apr_short_interval_time_t, a
> timestamp on each cache entry set as an apr_time_t, and I populate the
> latter with apr_time_now() when I add the cache entry and compare if
> (cache timestamp + the timeout < apr_time_now()) then use the cached
> credentials, otherwise delete the old cache entry.
>
> The odd thing is that I *never* get the else to run. Ever.
(Not had time to look at any code yet, but this leaps to mind)
Have you had a look at the mod_socache provider in httpd-trunk? The
provider gives you a pluggable caching mechanism, and gives you timeout
and max-age functionality for free.
I would be strongly for reusing the existing modular socache code rather
than inventing yet-another-cache in the tree.
(Apologies if socache is what you're using already)
Regards,
Graham
--
Re: Visiting mod_authn_cache
Posted by Issac Goldstand <ma...@beamartyr.net>.
Issac Goldstand wrote:
> Paul (or anyone else interested),
> Any interested in visiting mod_authn_cache over the hackathon? I
> won't be there physically but have been working on the template that was started at the mod-auth project @ sourceforge.
[snip]
I've actually gotten everything working except for the timeout thing.
I'm probably missing something obvious in C, but this is what I'm doing...
I've got a timeout period set as a apr_short_interval_time_t, a
timestamp on each cache entry set as an apr_time_t, and I populate the
latter with apr_time_now() when I add the cache entry and compare if
(cache timestamp + the timeout < apr_time_now()) then use the cached
credentials, otherwise delete the old cache entry.
The odd thing is that I *never* get the else to run. Ever.
I've attached the codebase as I've modified it so far (no commit access
to mod-auth @ SF), and a sample config that I'm using is:
LogLevel debug
AuthType Basic
AuthName "Test"
AuthBasicProvider file cache
AuthnCacheTimeout 1
AuthnCacheProvider pam
AuthUserFile /root/test.htpasswd
require valid-user
This results in log entries like the following:
[Mon Nov 02 08:34:29 2009] [debug] mod_authn_cache.c(184): [client
10.1.1.92] No entry for user issacg
[Mon Nov 02 08:34:29 2009] [info] [client 10.1.1.92] Creating new cache
entry for user issacg 0
[Mon Nov 02 08:34:29 2009] [debug] mod_authn_cache.c(162): [client
10.1.1.92] Found entry for user issacg
[Mon Nov 02 08:34:29 2009] [info] [client 10.1.1.92] Entry for user
issacg matches cached password. Authenticating.
[Mon Nov 02 08:34:29 2009] [debug] mod_authn_cache.c(162): [client
10.1.1.92] Found entry for user issacg
If I wait a few seconds and try again, the same repeats (it says "No
entry for..." and never shows the "Entry for user timed out"
Any ideas?
Issac
Re: Visiting mod_authn_cache
Posted by Issac Goldstand <ma...@beamartyr.net>.
Issac Goldstand wrote:
> Paul (or anyone else interested),
> Any interested in visiting mod_authn_cache over the hackathon? I
> won't be there physically but have been working on the template that was started at the mod-auth project @ sourceforge.
[snip]
I've actually gotten everything working except for the timeout thing.
I'm probably missing something obvious in C, but this is what I'm doing...
I've got a timeout period set as a apr_short_interval_time_t, a
timestamp on each cache entry set as an apr_time_t, and I populate the
latter with apr_time_now() when I add the cache entry and compare if
(cache timestamp + the timeout < apr_time_now()) then use the cached
credentials, otherwise delete the old cache entry.
The odd thing is that I *never* get the else to run. Ever.
I've attached the codebase as I've modified it so far (no commit access
to mod-auth @ SF), and a sample config that I'm using is:
LogLevel debug
AuthType Basic
AuthName "Test"
AuthBasicProvider file cache
AuthnCacheTimeout 1
AuthnCacheProvider pam
AuthUserFile /root/test.htpasswd
require valid-user
This results in log entries like the following:
[Mon Nov 02 08:34:29 2009] [debug] mod_authn_cache.c(184): [client
10.1.1.92] No entry for user issacg
[Mon Nov 02 08:34:29 2009] [info] [client 10.1.1.92] Creating new cache
entry for user issacg 0
[Mon Nov 02 08:34:29 2009] [debug] mod_authn_cache.c(162): [client
10.1.1.92] Found entry for user issacg
[Mon Nov 02 08:34:29 2009] [info] [client 10.1.1.92] Entry for user
issacg matches cached password. Authenticating.
[Mon Nov 02 08:34:29 2009] [debug] mod_authn_cache.c(162): [client
10.1.1.92] Found entry for user issacg
If I wait a few seconds and try again, the same repeats (it says "No
entry for..." and never shows the "Entry for user timed out"
Any ideas?
Issac