[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apache BASIC authentication w/large userbase

I have a customer who requires BASIC authentication for their site. 
They have a fair amount of traffic as well as a very quickly growing
userbase.  They were on mod_auth_mysql before, but with hundreds of
apache children that is not very practical.

I suggested a change to a signed-session-cookie type system, but they
would not go for that because apparently a disproportionate number of
their end-users disable cookies in their web browser.  Stupid media
privacy paranoia.

The userbase is presently around 100K and growing 5K/day or so.  They
were having things go so slowly that users could not login.  In the
short term we replaced mod_auth_mysql with an apache module I whipped up
to send requests out via UDP to a specified host/port, and wait for a
reply (with a 3 second timeout).  Then I hacked out a quick Perl program
to handle those requests, hit mysql for actual user/password info, and
to cache the user information in ram for the duration of the daemon's

Obviously this won't work forever without a serious change to my caching
strategy, but before I put more work into this mechanism, what do other
folks on the list do for high-traffic, large-userbase BASIC authen?  I
know it's a poor limitation but *shrug* the customer knows their needs.

I figured DBM would be sluggish, and the customer already tried text
files, but moved to mod_auth_mysql when that ran out of steam.

Your Input Is Appreciated.

Jeff S Wheeler               jsw@five-elements.com
Software Development            Five Elements, Inc

To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: