On 2005.02.08, John Sequeira <[EMAIL PROTECTED]> wrote:
>
> I believe for most of the world's departmental web servers which run
> IIS, mod_proxy is not really a good option. Although it runs well on
> Windows and could sit in front of IIS/AOLServer, it breaks important
> things like integrated security, and you end up with a few more
> moving parts than you really want to have.
When you say "integrated security" are you talking about the NTLM auth
scheme for HTTP? As long as mod_proxy properly handles HTTP Keep-Alive,
and recent Apache mod_proxy does, NTLM auth should work just fine.

Integrated Windows Authentication
http://www.microsoft.com/resources/documentation/iis/6/all/proddocs/en-us/sec_auth_intwinauth.mspx
| Integrated Windows authentication (formerly called NTLM, and also
| referred to as Windows NT Challenge/Response authentication) [...]

Perhaps there's another way it "breaks" NTLM auth that I'm not aware of,
but a quick Google indicates mod_proxy can be used just fine in front of
IIS with NTLM auth:

http://lists.samba.org/archive/jcifs/2003-November/002750.html
> I didn't realize that a standard module might be able to handle this.
> So this doesn't necessarily require a core hack unless it has special
> thread or performance requirements?
That's my assumption based on my limited understanding of FastCGI, yes.
I'd be happy to work on an initial proof-of-concept implementation if
you think there's a real application for it. I'm still not convinced
that anyone would seriously run AOLserver as a FastCGI app. fronted with
another webserver. Or, to rephrase: anyone who's willing to do so with
the necessary performance impact that it will entail ought to look at a
simpler solution like mod_proxy or some other reverse proxy software.
> And even if it does, the multi-protocol patches that may make it into
> 4.1.0 would address this type of extensibility?
The improvements in 4.1.0 may or may not have any bearing on either
serving FastCGI under AOLserver and/or making AOLserver run as a FastCGI
app. under another webserver. It depends on what support in the core is
actually required to make either work.
> I'm not sure about the fastcgi library's thread safety... that will be
> easy to find out.
Yes and no. If the code is definitely not thread-safe, it's probably
documented. However, often code will be declared thread-safe that
isn't ... that's when we'll feel pain. :-)
-- Dossy
--
Dossy Shiobara mail: [EMAIL PROTECTED]
Panoptic Computer Network web: http://www.panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
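
The Keep-Alive point in the message above, as an added example that is not part of the original post: NTLM over HTTP authenticates a connection, so a reverse proxy has to send the AUTHENTICATE (Type 3) message on the same backend connection that returned the CHALLENGE (Type 2). The trace format, client names and connection ids below are constructed for illustration and are not the log format of mod_proxy or IIS.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"  # every NTLM message starts with this signature


def ntlm_type(header_value):
    """Return the NTLM message type (1, 2 or 3) carried in an
    Authorization / WWW-Authenticate header value, or None."""
    scheme, _, token = header_value.partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or raw[:8] != NTLM_SIG:
        return None
    return struct.unpack_from("<I", raw, 8)[0]  # little-endian type field


def check_handshakes(trace):
    """trace: ordered (client, backend_conn_id, header_value) tuples as seen
    on the proxy-to-backend side. Returns (client, challenge_conn, auth_conn)
    for each Type 3 sent on a different connection than its Type 2."""
    challenge_conn, findings = {}, []
    for client, conn, header in trace:
        msg = ntlm_type(header)
        if msg == 2:
            challenge_conn[client] = conn
        elif msg == 3:
            expected = challenge_conn.pop(client, None)
            if expected != conn:
                findings.append((client, expected, conn))
    return findings


def _msg(msg_type):
    """Constructed, truncated NTLM token: signature + type + padding only."""
    raw = NTLM_SIG + struct.pack("<I", msg_type) + b"\x00" * 8
    return "NTLM " + base64.b64encode(raw).decode()


# Constructed trace: client A stays on backend connection 7 (handshake can
# complete); client B's Type 3 is sent on a new connection 9 (it will fail).
SAMPLE = [
    ("A", 7, _msg(1)), ("A", 7, _msg(2)), ("A", 7, _msg(3)),
    ("B", 8, _msg(1)), ("B", 8, _msg(2)), ("B", 9, _msg(3)),
]

if __name__ == "__main__":
    for client, want, got in check_handshakes(SAMPLE):
        print(f"client {client}: challenge on conn {want}, authenticate on conn {got}")
```
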