Sorry for the late answer...:(
Hmm... My thought would have been that Apache::AuthenCache would do the trick... What are the exact symptoms when you use AuthenCache? Are you still hitting the Domain controller for every request?
Yes, still like DoS...
The excerpt from X, (sorry, I forgot their name :( ), uses a semaphore to maintain the connection, where
Haven't tried this, but I was told to add this to the module: (Version 0.6, Debian Release)
<snip>
sub authen {
    my @args = @_;

    # Truncate everything to length 80 to avoid poor coding practices in the
    # smbvalid.a (buffer overflows) PMK--fixme in smbvalid.a when possible.
    for my $i ( 0..$#args ) {
        $args[$i] = substr($args[$i], 0, 80);
    }

    my($username, $password, $server, $backup, $domain) = @args;

    # LOCK_EX comes from Fcntl: the module needs "use Fcntl qw(:flock);"
    #new:
    open L, "> /tmp/AuthenSmb.lck" or die "Can't open /tmp/AuthenSmb.lck: $!\n";
    #new:
    flock L, LOCK_EX;
    my $res = Valid_User($username, $password, $server, $backup, $domain);
    #new:
    close L;

    return $res
}
<snip>
These changes work, but I don't know how secure this solution is.
How secure is 'return OK unless $r->is_initial_req;'? What's the
(technical) difference between the initial and the rest? Isn't
it easy to fake at this point?
'return OK unless $r->is_initial_req;'
uses a flag in the request object to bypass the authentication module if the flag is set. (It is set after the first successful pass through the module.) Therefore, you have an increase in efficiency (no I/O calls), and you are playing within Apache and mod_perl. (Plus, the username/password and server information are not left lying around in storage for someone to find ;) )
HTH,
--
Shannon Eric Peevey => "speeves"
Dyno-Mite! System Administrator => [EMAIL PROTECTED]
Central Web Support => (940) 369-8876
University of North Texas => http://web2.unt.edu
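
One way to harden the lock wrapper quoted in the message above, as an added example (not the poster's code and not code from Apache::AuthenSmb): the lock file lives in a directory private to the server user instead of /tmp, is opened without truncation or symlink following, and is released even if the SMB call dies. The `Valid_User` stub, its return values, the `with_exclusive_lock` helper, the temporary directory and the sample credentials are constructed so the script runs on its own.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);     # O_* open flags and LOCK_EX
use File::Temp qw(tempdir);

# Assumption: the lock file sits in a directory only the web server user can
# write to. A throwaway temp dir stands in for it so this runs anywhere.
my $LOCK_FILE = tempdir(CLEANUP => 1) . '/AuthenSmb.lck';

# Hypothetical stand-in for the XS call in the post; 0 means "valid" here.
sub Valid_User {
    my ($username, $password, $server, $backup, $domain) = @_;
    return ($username eq 'alice' && $password eq 'constructed-pw') ? 0 : 3;
}

# Run $code under an exclusive lock and release it even if $code dies.
sub with_exclusive_lock {
    my ($path, $code) = @_;
    # No truncation, no symlink following, owner-only permissions.
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600)
        or die "Can't open $path: $!\n";
    flock($fh, LOCK_EX) or die "Can't lock $path: $!\n";

    my $res;
    my $ok  = eval { $res = $code->(); 1 };
    my $err = $@;
    close($fh);                    # closing the handle drops the lock
    die $err unless $ok;
    return $res;
}

sub authen {
    # Same 80-character cap as the posted code.
    my @args = map { substr($_ // '', 0, 80) } @_;
    return with_exclusive_lock($LOCK_FILE, sub { Valid_User(@args) });
}

print "good password: ", authen('alice', 'constructed-pw', 'pdc', 'bdc', 'DOM'), "\n";
print "bad password:  ", authen('alice', 'wrong', 'pdc', 'bdc', 'DOM'), "\n";

# A failure inside the locked section must not leave the lock held.
eval { with_exclusive_lock($LOCK_FILE, sub { die "SMB call failed\n" }) };
print "after failure: ", authen('alice', 'constructed-pw', 'pdc', 'bdc', 'DOM'), "\n";
```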