You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Steven Hajducko <St...@DigitalInsight.com> on 2004/11/17 20:13:36 UTC

[users@httpd] Apache, Samba and authentication.

We're having a bit of a fix here at the moment.

We have Apache 2.0 running on AIX 5.2.  We're using samba to authenticate
against an NT domain.  Everything in the setup is working fine.  The problem
comes in that for every image on the page, apache tries to authenticate
again.  Which means that it goes back through samba to the NT domain, each
and every time.  This slows down the connection performance quite a bit.

Is there anyway to get apache to cache the authentication?  We've tried
mod_authenticache, but it just core dumps and we haven't been able to fix it
yet.  At the moment, we're looking for any other solution.   We've tested
with LDAP and Active Directory and we got it to work there, but
unfortunately, we have to wait until our MIS department moves over to AD to
be able to implement it that way.  We also tried looking at winbind, but it
requires PAM and we're not about to but that on our AIX boxes.

Any hints or points in the right direction would be appreciated.

Thanks,

sh

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache, Samba and authentication.

Posted by Shannon Eric Peevey <sp...@unt.edu>.

Drew Broadley (Work) wrote:
> 
> Steven Hajducko wrote:
> 
>> We're having a bit of a fix here at the moment.
>>
>> We have Apache 2.0 running on AIX 5.2.  We're using samba to authenticate
>> against an NT domain.  Everything in the setup is working fine.  The 
>> problem
>> comes in that for every image on the page, apache tries to authenticate
>> again.  Which means that it goes back through samba to the NT domain, 
>> each
>> and every time.  This slows down the connection performance quite a bit.
> 
> 
> My suggestion to this is having another setup of Apache on another port 
> and make that something like images.domain.com and proxy that through 
> mod_rewrite that all /img/ or whatever you images path is gets proxied 
> through to the NON authed server. Then reference all your images through 
> images.domain.com.
> 
> 
If you are using mod_perl, then Apache::AuthenCache will fix this 
problem, and I know that there are ported versions floating around. 
(Ones that work with MP2 as well).  If we can pull one of those that 
work with both MP1 and MP2 out of the woodwork, I can upload a version 
to CPAN for general consumption.

This repeat hitting of the auth server is an unfortunate side-effect of 
HTTP being stateless.  Therefore, each request to the server must be 
treated as if it were the first request and checked for authenticity. 
Many of the authen modules built in C do this caching already, but we 
haven't followed through on this for the mod_perl modules yet.

-- 
Shannon Eric Peevey                     =>  "speeves"
Dyno-Mite! System Administrator         =>  speeves@unt.edu
Central Web Support                     =>  (940) 369-8876
University of North Texas               =>  http://web2.unt.edu

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Apache, Samba and authentication.

Posted by "Drew Broadley (Work)" <dr...@iplaynz.com>.

Steven Hajducko wrote:
> We're having a bit of a fix here at the moment.
> 
> We have Apache 2.0 running on AIX 5.2.  We're using samba to authenticate
> against an NT domain.  Everything in the setup is working fine.  The problem
> comes in that for every image on the page, apache tries to authenticate
> again.  Which means that it goes back through samba to the NT domain, each
> and every time.  This slows down the connection performance quite a bit.

My suggestion to this is having another setup of Apache on another port 
and make that something like images.domain.com and proxy that through 
mod_rewrite that all /img/ or whatever you images path is gets proxied 
through to the NON authed server. Then reference all your images through 
images.domain.com.


-- 
Cheers,
Drew Broadley

``An expert knows all the answers,
if you ask the right questions.''

-----------------------------
   Company: iPlay NZ Ltd.
    E-mail: drew@iplaynz.com
     Phone: +6463574568
   Website: www.iplaynz.com
-----------------------------


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org