[KLUG Members] Authentication in Apache 2.0 (Joys of Upgrading)

[Adam Williams]

>I am pleased to say that I have resolved all the problems with
>the numerous web sites being moved to a new web server, running
>Apache 2. 
>Everything except authentication, that is.
>I had taken virtual host definitions from a working 1.3.x server,
>changed some paths, and used that as the basis for the 2.0
>virtual host section.
>Eventually, once I'd corrected some errors, all the web sites were 
>working...except, it finally occurred to me, for the web sites that 
>had authentication set up (no .htaccess files for me, I prefer set-
>ting all this in the virtual host definitions). I commented out the

I was using Apache 2.x with htaccess files and it work.  However,  the 
loading of the authentication modules did initially fail; evidenced by 
so-and-so has seg faulted messages in /var/log/httpd/error.log.  While 
apache seemed to work fine.  That may or may not have to do with the 
particular apache module I was using for authenticaion (mod_auth_ldap),  
recompiling fixed it (odd?).

But due to various problems (unable to compile PHP) I've abanonded and 
gone back to apache 1.3.27

>There are advisories against using Apache 2 and PHP on a "production"
>server; this server will not be considered production until those is-
>sues are resolved (the latest PHP release does NOT seem to resolve 
>these issues, or even address them). It is useful to configure and test 
>this migration NOW, rather than wait until all of these issues have
>been resolved, at which time the server can be upgraded, tested, and
>put into production. 

We've tested and been beaten senseless.  Actually we never really tested 
since compiling PHP against Apache 2.x requires magic beyond our 
abilities.

>Do others have the same experience? Is there some terrible flaw in
>authentication, or something really radically new? Why is this 
>aspect of migration (after checking file permissions, ownerships, 
>paths, etc.) proving to be so difficult? I would think that as this
>is a fairly direct port from a working 1.3.x server, the problems
>would be fairly easily resolved, especially as there are no notes
>that related to this in moving from 1.3.x to 2.0.x....

Yes, the documentation on moving from 1.3.x to 2.0.x is scant to say the 
least.