Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 32222 invoked from network); 20 May 2008 17:46:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 20 May 2008 17:46:41 -0000 Received: (qmail 30049 invoked by uid 500); 20 May 2008 17:46:32 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 30039 invoked by uid 500); 20 May 2008 17:46:31 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 30028 invoked by uid 99); 20 May 2008 17:46:31 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 May 2008 10:46:31 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [66.111.4.25] (HELO out1.smtp.messagingengine.com) (66.111.4.25) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 20 May 2008 17:45:35 +0000 Received: from compute1.internal (compute1.internal [10.202.2.41]) by out1.messagingengine.com (Postfix) with ESMTP id AFDAD10A5FE for ; Tue, 20 May 2008 13:45:56 -0400 (EDT) Received: from heartbeat1.messagingengine.com ([10.202.2.160]) by compute1.internal (MEProxy); Tue, 20 May 2008 13:45:56 -0400 X-Sasl-enc: MmpEttuEKi2mH3CiANUtq/yZ/ECqrvHOjKi+IKzLrI+z 1211305556 Received: from [127.0.0.1] (unknown [86.43.104.130]) by mail.messagingengine.com (Postfix) with ESMTPSA id C255019C51 for ; Tue, 20 May 2008 13:45:55 -0400 (EDT) Message-ID: <48330CD9.3060105@boboco.ie> Date: Tue, 20 May 2008 19:39:37 +0200 From: Eric Bowman User-Agent: Thunderbird 2.0.0.14 (X11/20080421) MIME-Version: 1.0 To: users@httpd.apache.org References: <42C2C3449D71044F9203DE5513B5E74503E1CA@prcex01.pinerivercapital.local> <882D50F5-D2CD-4041-BCE7-5E953826CDB8@umich.edu> In-Reply-To: <882D50F5-D2CD-4041-BCE7-5E953826CDB8@umich.edu> Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] authenticating 1K+ users Chris Africa wrote: > We have some PHP web sites set up to authenticate users via Cosign > using the AuthGroupFile and Require group directives, with groups and > users defined in an .htaccess file > > I'm setting up a new site that will have 1000+ users over time. I > understand that the single .htaccess file is not the best way to do > authentication with a large group of users. What methods are other > admins out there using to authenticate large groups of users? > > As background, we run a single server running Apache 2.x, Cosign 2.x, > MySQL 5.x on Mac OSX Server 10.5.2. We previously used the Zope > application server which handled our authentication/authorization for > us, so this is new territory for me. > Hi Chris, There's a decent overview of the various common approaches here: http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html LDAP would be my own preferred most-scalable approach, although getting it up and running is not for the faint of heart. For 1000+ users probably using MySQL is the most straightforward approach that will work Just Fine. cheers, Eric --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org