Return-Path: Delivered-To: apmail-perl-modperl-archive@www.apache.org Received: (qmail 82582 invoked from network); 2 Jun 2004 03:19:58 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 2 Jun 2004 03:19:58 -0000 Received: (qmail 44106 invoked by uid 500); 2 Jun 2004 03:20:02 -0000 Delivered-To: apmail-perl-modperl-archive@perl.apache.org Received: (qmail 44092 invoked by uid 500); 2 Jun 2004 03:20:01 -0000 Mailing-List: contact modperl-help@perl.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: Delivered-To: mailing list modperl@perl.apache.org Received: (qmail 44075 invoked by uid 99); 2 Jun 2004 03:20:01 -0000 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C44850.64D882C6" Subject: AuthCookieNTLM and browser hangs Date: Wed, 2 Jun 2004 15:19:19 +1200 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: AuthCookieNTLM and browser hangs Thread-Index: AcRIUGiAGMHFiY5/Rl2XtGDWaYFeuQ== From: "Brett Beaumont" To: Cc: "Brendon Price" X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N ------_=_NextPart_001_01C44850.64D882C6 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable All, We are testing AuthCookieNTLM to secure our Intranet. We are running = Apache 1.3, mod_perl, and AuthCookieNTLM. Our requests are also = rewritten using mod_rewrite. If we hit the server quickly enough, and = with enough requests, the browsers start to hang. This problem only = occurs in our UAT environment, while the module works really well in = dev. Some of our users are logged into a different domain and do get prompted = for their credentials on the domain we authenticate against. However, if = enough of these users attempt to log in to the intranet at once, the = browsers start to hang during the authentication process. Once one = browser is hung, I can point a new browser window at our intranet and = the first browser window kicks back into life, and the new browser = window hangs.=20 It seems like the lock is getting stuck somewhere. Once the = authentication is complete, and the authentication cookie issued, the = user can continue to browse the intranet successfully. Has anybody else experienced a similar problem with this module? Many thanks, Brett Beaumont Relevant KeepAlive and server settings: ServerType standalone Timeout 300 # # Keepalives must be on for NTLM auth # Unlimited number of keep alive requests, 5 minute timeout KeepAlive On MaxKeepAliveRequests 0 KeepAliveTimeout 5 # StartServers 20 MinSpareServers 10 MaxSpareServers 40 MaxClients 255 MaxRequestsPerChild 1000 #---------------------------------------- # /intranet is NTLM Authenticated # Unauthenticated access is allowed from # localhost and 1 remote IP Address #---------------------------------------- PerlAuthenHandler Apache::AuthCookieNTLM AuthType ntlm,basic AuthName DOMAIN PerlAddVar ntdomain "DOMAIN DC1" PerlSetVar ntlmauthoritative on PerlSetVar basicauthoritative on PerlSetVar defaultdomain DOMAIN PerlSetVar fallbackdomain DOMAIN PerlSetVar splitdomainprefix 1 PerlSetVar ntlmdebug 1 Require valid-user RewriteEngine On RewriteRule ^/.*/$ /target%{REQUEST_URI} [P] RewriteRule ^/.*$ /target%{REQUEST_URI} [P] order Allow,Deny allow from 127.0.0.1 Satisfy any Important: This electronic mail message and attachments (if any) are = confidential and may be legally privileged. If you are not the intended = recipient please contact us immediately and destroy this message. You = may not legally copy, disclose, disseminate or use the contents in any = way. Thank you. ------_=_NextPart_001_01C44850.64D882C6 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable AuthCookieNTLM and browser hangs

All,

We are testing AuthCookieNTLM to secure = our Intranet. We are running Apache 1.3, mod_perl, and AuthCookieNTLM. = Our requests are also rewritten using mod_rewrite. If we hit the server = quickly enough, and with enough requests, the browsers start to hang. = This problem only occurs in our UAT environment, while the module works = really well in dev.

Some of our users are logged into a = different domain and do get prompted for their credentials on the domain = we authenticate against. However, if enough of these users attempt to = log in to the intranet at once, the browsers start to hang during the = authentication process. Once one browser is hung, I can point a new = browser window at our intranet and the first browser window kicks back = into life, and the new browser window hangs.

It seems like the lock is getting stuck = somewhere. Once the authentication is complete, and the authentication = cookie issued, the user can continue to browse the intranet = successfully.

Has anybody else experienced a similar = problem with this module?

Many thanks,

Brett Beaumont


Relevant KeepAlive and server = settings:

ServerType standalone
Timeout 300
#
# Keepalives must be on for NTLM = auth
# Unlimited number of keep alive = requests, 5 minute timeout
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 5
#
StartServers 20
MinSpareServers 10
MaxSpareServers 40
MaxClients 255
MaxRequestsPerChild 1000


#----------------------------------------
# /intranet is NTLM = Authenticated
# Unauthenticated access is = allowed from
# localhost and 1 remote IP = Address
#----------------------------------------
<Location = /intranet>
  PerlAuthenHandler = Apache::AuthCookieNTLM
  AuthType = ntlm,basic
  AuthName DOMAIN

  PerlAddVar ntdomain = "DOMAIN DC1"

  PerlSetVar = ntlmauthoritative on
  PerlSetVar = basicauthoritative on

  PerlSetVar defaultdomain = DOMAIN
  PerlSetVar fallbackdomain = DOMAIN
  PerlSetVar = splitdomainprefix 1
  PerlSetVar ntlmdebug = 1
  Require valid-user

  RewriteEngine On
  RewriteRule ^/.*/$ = /target%{REQUEST_URI} [P]
  RewriteRule ^/.*$ = /target%{REQUEST_URI} [P]

  order Allow,Deny
  allow from = 127.0.0.1
  Satisfy any
</Location>

Important:  This electronic mail = message and attachments (if any) are confidential and may be legally = privileged.  If you are not the intended recipient please contact = us immediately and destroy this message.  You may not legally copy, = disclose, disseminate or use the contents in any way.  Thank = you.

------_=_NextPart_001_01C44850.64D882C6--