Return-Path: Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: (qmail 7201 invoked from network); 3 Jun 2004 08:47:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 3 Jun 2004 08:47:59 -0000 Received: (qmail 56137 invoked by uid 500); 3 Jun 2004 08:48:07 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 56120 invoked by uid 500); 3 Jun 2004 08:48:07 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 56104 invoked by uid 99); 3 Jun 2004 08:48:06 -0000 Date: Thu, 3 Jun 2004 10:46:23 +0200 From: Stefano Ciancio To: "Brett Beaumont" Cc: , "Brendon Price" Subject: Re: AuthCookieNTLM and browser hangs Message-Id: <20040603104623.2453ccbc@roy.pisa.iol.it> In-Reply-To: References: Organization: Italia On Line X-Mailer: Sylpheed version 0.9.10claws (GTK+ 1.2.10; i386-redhat-linux-gnu) X-Face: &4<%@u]l-<(VI5SsS7PZ._vY$?p"2d+N#,tSs6#BLZB\)J3(NzrdLJactFoY#{~O"7c\0_\ kMcl;e>=7L2S}Mk>WXc)':X+-R3;68QT7WuhY%Kj1`xnCw,RgmP*\*KGz&AtT.rpSNcq>ElAsOq:F~ (la%u|^-u|dej_Cyu{q[yvMkg'1w5Qdl4[maLzu(maA3AQViP:bUbMo'v)f6S=g|JCtK$`*xYK All, > > We are testing AuthCookieNTLM to secure our Intranet. We are running Apache > 1.3, mod_perl, and AuthCookieNTLM. Our requests are also rewritten using > mod_rewrite. If we hit the server quickly enough, and with enough requests, > the browsers start to hang. This problem only occurs in our UAT environment, > while the module works really well in dev. > > Some of our users are logged into a different domain and do get prompted for > their credentials on the domain we authenticate against. However, if enough of > these users attempt to log in to the intranet at once, the browsers start to > hang during the authentication process. Once one browser is hung, I can point > a new browser window at our intranet and the first browser window kicks back > into life, and the new browser window hangs. > > It seems like the lock is getting stuck somewhere. Once the authentication is > complete, and the authentication cookie issued, the user can continue to > browse the intranet successfully. > > Has anybody else experienced a similar problem with this module? > > Many thanks, > > Brett Beaumont > > > Relevant KeepAlive and server settings: > > ServerType standalone > Timeout 300 > # > # Keepalives must be on for NTLM auth > # Unlimited number of keep alive requests, 5 minute timeout > KeepAlive On > MaxKeepAliveRequests 0 > KeepAliveTimeout 5 > # > StartServers 20 > MinSpareServers 10 > MaxSpareServers 40 > MaxClients 255 > MaxRequestsPerChild 1000 > > > #---------------------------------------- > # /intranet is NTLM Authenticated > # Unauthenticated access is allowed from > # localhost and 1 remote IP Address > #---------------------------------------- > > PerlAuthenHandler Apache::AuthCookieNTLM > AuthType ntlm,basic > AuthName DOMAIN > > PerlAddVar ntdomain "DOMAIN DC1" > > PerlSetVar ntlmauthoritative on > PerlSetVar basicauthoritative on > > PerlSetVar defaultdomain DOMAIN > PerlSetVar fallbackdomain DOMAIN > PerlSetVar splitdomainprefix 1 > PerlSetVar ntlmdebug 1 > Require valid-user > > RewriteEngine On > RewriteRule ^/.*/$ /target%{REQUEST_URI} [P] > RewriteRule ^/.*$ /target%{REQUEST_URI} [P] > > order Allow,Deny > allow from 127.0.0.1 > Satisfy any > > > Important: This electronic mail message and attachments (if any) are > confidential and may be legally privileged. If you are not the intended > recipient please contact us immediately and destroy this message. You may not > legally copy, disclose, disseminate or use the contents in any way. Thank > you. > > -- Report problems: http://perl.apache.org/bugs/ Mail list info: http://perl.apache.org/maillist/modperl.html List etiquette: http://perl.apache.org/maillist/email-etiquette.html