[KLUG Members] Authentication in Apache 2.0 (Joys of Upgrading)

Robert G. Brown members@kalamazoolinux.org
Tue, 31 Dec 2002 01:22:31 -0500


Adam Williams <awilliam@whitemice.org> wrote:

>I was using Apache 2.x with htaccess files and it worked.
Version?
Were you loading the PHP load module? (Just curious, this just occurred
to me).

>However, the loading of the authentication modules did initially fail;
>evidenced by so-and-so has seg faulted messages in /var/log/httpd/error.log.
Yeah, mine all looked like:
[notice] child pid 2032 exit signal Segmentation fault (11)
After the timestamp stuff. No module or anything identified. Not 
really the greatest diagnostic. I'd prefer even a cryptic error message.
I've even considered debugging this (can't be worse than MY code! :).

>While apache seemed to work fine.  That may or may not have to do with the
>particular apache module I was using for authentication (mod_auth_ldap),
>recompiling fixed it (odd?).
Maybe odd.. maybe library linking problems, maybe headers outta synch with
binaries ... were there lots of warnings in the build?

But overall, I tend to agree; it's a module-by-module problem. Either the
module is working with the new API, or it probably isn't. I haven't taken
the time to study the new API specification, so I won't comment yet on how
big the change is, but my understanding is that a lot of things have changed.
It does boggle my mind more than a little to think that a module as commonly
used as mod_auth is not released in tip-top shape, if in fact that is the
problem.

>But due to various problems (unable to compile PHP) I've abandoned and 
>gone back to apache 1.3.27
Interesting! I know you do not abandon this kind of thing easily...
Did you find the rollback difficult? I'm considering unwinding all
those dependencies...try any shortcuts?

>>There are advisories against using Apache 2 and PHP on a "production"
>>server; this server will not be considered production until those
>>issues are resolved... It is useful to configure and test this migration
>>NOW, rather than wait...
>We've tested and been beaten senseless.
Oh? Please describe what you mean by "beaten senseless"... something I
can look for in volume testing?

>Actually we never really tested since compiling PHP against Apache 2.x
>requires magic beyond our abilities.
Please, details. Versions, problems with compiling? Seems like the 
problems are pretty severe if one can't build this stuff...I wonder
how it was built to start with...
Need a Sourceware[sm] CD set? :)

>>Do others have the same experience? Is there some terrible flaw in
>>authentication, or something really radically new? Why is this 
>>aspect of migration (after checking file permissions, ownerships, 
>>paths, etc.) proving to be so difficult? I would think that as this
>>is a fairly direct port from a working 1.3.x server, the problems
>>would be fairly easily resolved, especially as there are no notes
>>that related to this in moving from 1.3.x to 2.0.x....
>Yes, the documentation on moving from 1.3.x to 2.0.x is scant to
>say the least.
Scant to the point that one might think the migration to be almost
trivial, or the bulk of the documentation is unwritten, or unposted.
Status of each module might be nice...as would a minimal module
configuration, in addition to/instead of rebuilding...

Overall, it looks like you are verifying/validating my experience (I
don't relish being right about these things). Please verify this and
supply a bit more detail (in your copious free time, of course! :).

One workaround I am thinking about is moving off mod_auth and writing
my own user authentication/password scheme as part of the login of the
website/application. Really, using SSL, one can do more secure logins
than any of the mod_auths provide. A possible exception to this is the
new mod_auth_digest, which is supported by what clients??

						Regards,
						---> RGB <---