Re: Requests to the same process

[Perrin Harkins]

On Sun, 2004-07-04 at 19:38, Jean-Michel Hiver wrote:
  The idea is to get always the same apache process to handle requests 
  from the same client.
  
  I need this because I want to use something that is in memory, in a 
  mod_perl variable.
 
 You need a session to uniquely identify clients. There are a horde of 
 module on CPAN to help you do that.
 
 http://search.cpan.org/search?query=apache+session
 
 
 Also if you want to keep stuff in memory that is shared between 
 processes, memcached should do the trick quite neatly.
 
 http://search.cpan.org/~bradfitz/Cache-Memcached/Memcached.pm

Agreed, there is no way to control which process a particular client
will connect to.  Memcached may or may not be helpful though.  Memcached
works by serializing data with storable, sending it off to a separate
daemon process, and then fetching it back from the daemon later and
de-serializing it.  It won't work at all for things like database
handles or most objects involving XS code or anything else that Storable
can't handle.  It's also not as fast as actually using something in
memory in the current process.  Whether or not it works for this problem
depends on what is in that variable.

- Perrin


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

Apache::AuthenNTLM behind a proxy

[Andrew Green]

Hi,

I've got a problem trying to set up Apache::AuthenNTLM to secure the 
administration area for our (mod_perl-based) CMS.

The server setup is as follows:

* A lightweight port-80 instance of Apache, which deals with
  all requests for static content, and proxies everything else
  over to...
  
* A mod_perl-centric, port-8080 instance of Apache, which
  deals with all the dynamic, mod_perl-generated content

I've setup the authentication on the administration area in the 
httpd.conf file for the backend, port-8080 server to use AuthenNTLM.  
When I access a test script directly on the port:8080 server, the 
authentication works a dream.  This seems to confirm, to me, that the 
settings are basically correct.

However, when I try to access the authenticated area through the 
frontend, port-80 server, the authentication doesn't work.  The client  
gets a variation on the little grey box of Basic Authentication, this 
time with a domain field added.  Entering details into the box only 
brings the box back, however.

KeepAlive is on for both Apaches.  I've enabled PerlSetVar ntlmdebug 
2, and the output for each situation is below.  I've asterisked out 
anything that I think might be unwise to post on a public forum; if it 
turns out that some of that is needed to figure out what's going on, 
I'll be glad to revise that heuristic!

Firstly, the direct attempt (which worked):

[14925] AuthenNTLM: Config Domain = domain1  pdc =   bdc = 
[14925] AuthenNTLM: Config Default Domain = domain1
[14925] AuthenNTLM: Config Fallback Domain = 
[14925] AuthenNTLM: Config AuthType = ntlm AuthName = CMS NTLM 
Authentication Test
[14925] AuthenNTLM: Config Auth NTLM = 1 Auth Basic = 0
[14925] AuthenNTLM: Config NTLMAuthoritative = on  BasicAuthoritative = 
on
[14925] AuthenNTLM: Config Semaphore key = 23754 timeout = 2
[14925] AuthenNTLM: Authorization Header not given
[Mon Jul  5 15:03:23 2004] [error] access to /res/env.cgi failed for  , 
reason: Bad/Missing NTLM/Basic Authorization Header for /res/env.cgi
[14925] AuthenNTLM: Start NTLM Authen handler pid = 14925, connection = 
156590692 conn_http_hdr = Keep-Alive  main =  cuser =  remote_ip =  
remote_port =  remote_host =   version = 0.23
[14925] AuthenNTLM: Object exists user = \
[14925] AuthenNTLM: Authorization Header NTLM 
TlRMTVNTUAABB7IAoAcABwAoCAAIACBXQkMtVFMtMURPTUFJTjE=
[14925] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 1 0 0 0 7 178 0 160 7 0 
7 0 40 0 0 0 8 0 8 0 32 0 0 0 87 66 67 45 84 83 45 49 68 79 77 65 73 78 
49
[14925] AuthenNTLM: protocol=NTLMSSP, type=1, 
flags1=7(NEGOTIATE_UNICODE,NEGOTIATE_OEM,REQUEST_TARGET), 
flags2=178(NEGOTIATE_ALWAYS_SIGN,NEGOTIATE_NTLM), domain length=7, 
domain offset=40, host length=8, host offset=32, host=WBC-TS-1, 
domain=DOMAIN1
[14925] AuthenNTLM: Connect to pdc =  bdc =  domain = domain1
[14925] AuthenNTLM: timed out while waiting for lock (key = 23754)
[14925] AuthenNTLM: leave lock
[14925] AuthenNTLM: Send: 78 84 76 77 83 83 80 0 2 0 0 0 0 0 0 0 40 0 0 
0 1 130 0 0 216 117 139 24 181 48 159 61 0 0 0 0 0 0 0 0
[14925] AuthenNTLM: charencoding = 1
[14925] AuthenNTLM: flags2 = 130
[14925] AuthenNTLM: nonce=Øuµ0=
[14925] AuthenNTLM: Send header: NTLM 
TlRMTVNTUAACACgBggAA2HWLGLUwnz0AAA==
[14925] AuthenNTLM: Start NTLM Authen handler pid = 14925, connection = 
156590692 conn_http_hdr = Keep-Alive  main =  cuser =  remote_ip =  
remote_port =  remote_host =   version = 0.23
[14925] AuthenNTLM: Object exists user = \
[14925] AuthenNTLM: Authorization Header NTLM 
TlRMTVNTUAADGAAYAG4YABgAhg4ADgBAEAAQAE4QABAAXgCeBYIAAEQATwBNAEEASQBOADEAYQByAHQAaQBjAGwAZQA3AFcAQgBDAC0AVABTAC0AMQBDF+KMFTHlqAmWaSgr17JBJVr6fpDj9dGBGDYhHPRVxYNQsYcPvPYUSpQoEYrg0T8=
[14925] AuthenNTLM: Got: 78 84 76 77 83 83 80 0 3 0 0 0 24 0 24 0 110 0 
0 0 24 0 24 0 134 0 0 0 14 0 14 0 64 0 0 0 16 0 16 0 78 0 0 0 16 0 16 0 
94 0 0 0 0 0 0 0 158 0 0 0 5 130 0 0 68 0 79 0 77 0 65 0 73 0 78 0 49 0 
97 0 114 0 116 0 105 0 99 0 108 0 101 0 55 0 87 0 66 0 67 0 45 0 84 0 
83 0 45 0 49 0 67 23 226 140 21 49 229 168 9 150 105 40 43 215 178 65 
37 90 250 126 144 227 245 209 129 24 54 33 28 244 85 197 131 80 177 135 
15 188 246 20 74 148 40 17 138 224 209 63
[14925] AuthenNTLM: protocol=NTLMSSP, type=3, user=, host=, 
domain=DOMAIN1, msg_len=0
[14925] AuthenNTLM: Verify user  via smb server
[14925] AuthenNTLM: OK pid = 14925, connection = 156590692 cuser =  
ip = 


Next, the attempt via the port-80 Apache proxy.  The following is taken 
from the port-8080 error log, so at least some of the data is being 
proxied properly.

[14927] AuthenNTLM: Config Domain = domain1  pdc =   bdc = 
[14927] AuthenNTLM: Config Default Domain = domain1
[14927] AuthenNTLM: Config Fallback Domain = 
[14927] AuthenNTLM: Config AuthType = ntlm AuthName = CMS NTLM 
Authentication Test
[14927] AuthenNTLM: Config Auth NTLM = 1 Auth 

Re: Strange

[William McKee]

On Fri, Jul 02, 2004 at 05:59:11PM -0400, Perrin Harkins wrote:
 It's on CPAN.  Geoffrey Young announced the latest release on this list
 four days ago.

Hi David,

I'd recommend reading Geoffrey's article on perl.com[1] before launching
into the perl.apache.org documentation. Geoffrey has also put together a
skeleton for testing which I cannot find a link to at present. Try
searching the archives of the test-dev mailing list[2] or perhaps
someone on the list can post the location of those resources.


Good luck,
William

[1] http://www.perl.com/pub/a/2003/05/22/testing.html
[2] http://httpd.apache.org/test/

-- 
Knowmad Services Inc.
http://www.knowmad.com

-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html

mp2: PerlSetVar not working?

[Matthew Darwin]

I can't figure out what I'm doing wrong.  I'm trying to pass a value 
from httpd.conf to the module I know this used to work in mp1, but 
I can't seem to get it to work in mp2

Ideas?
Thanks.
httpd.conf
--
PerlModule Apache::Foo
Location /nm/foo
SetHandler perl-script
PerlResponseHandler Apache::Foo
PerlSetVar FooValue FooBarBaz
/Location
Apache/Foo.pm
-
package Apache::Foo;
use Apache::Const -compile = ':common';
use Apache::ServerUtil ();
sub handler {
  my ($r) = @_;
  warn Value of Foo is 1: , $r-server-dir_config (FooValue), \n;
  warn Value of Foo is 2: , $r-dir_config (FooValue), \n;
  return Apache::DECLINED;
}
httpd.error
---
[Mon Jul 05 20:13:12 2004] [notice] Apache/2.0.49 (Unix) 
mod_perl/1.99_14 Perl/v5.8.3 DAV/2 configured -- resuming normal 
operations
[Mon Jul  5 20:13:12 2004] -e: Authd: Opening connection
[Mon Jul  5 20:13:12 2004] -e: Use of uninitialized value in warn at 
.../site_perl/Apache/Foo.pm line 9, GEN0 line 2.
[Mon Jul  5 20:13:12 2004] -e: Value of Foo is 1:
[Mon Jul  5 20:13:12 2004] -e: Use of uninitialized value in warn at 
.../site_perl/Apache/Foo.pm line 10, GEN0 line 2.
[Mon Jul  5 20:13:12 2004] -e: Value of Foo is 2:
[Mon Jul 05 20:13:12 2004] [error] [client 1.2.3.4] File does not 
exist: .../htdocs/nm/foo


--
Matthew Darwin
[EMAIL PROTECTED]
http://www.mdarwin.ca
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html