apache BASIC authentication w/large userbase
I have a customer who requires BASIC authentication for their site.
They have a fair amount of traffic as well as a very quickly growing
userbase. They were on mod_auth_mysql before, but with hundreds of
apache children that is not very practical.
I suggested a change to a signed-session-cookie type system, but they
would not go for that because apparently a disproportionate number of
their end-users disable cookies in their web browser. Stupid media
privacy paranoia.
The userbase is presently around 100K and growing 5K/day or so. They
were having things go so slowly that users could not login. In the
short term we replaced mod_auth_mysql with an apache module I whipped up
to send requests out via UDP to a specified host/port, and wait for a
reply (with a 3 second timeout). Then I hacked out a quick Perl program
to handle those requests, hit mysql for actual user/password info, and
to cache the user information in ram for the duration of the daemon's
lifetime.
Obviously this won't work forever without a serious change to my caching
strategy, but before I put more work into this mechanism, what do other
folks on the list do for high-traffic, large-userbase BASIC authen? I
know it's a poor limitation but *shrug* the customer knows their needs.
I figured DBM would be sluggish, and the customer already tried text
files, but moved to mod_auth_mysql when that ran out of steam.
Your Input Is Appreciated.
--
Jeff S Wheeler jsw@five-elements.com
Software Development Five Elements, Inc
http://www.five-elements.com/~jsw/
--
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: