Hi Jerry,
I have a problem with auth_mysql. I am using mod_auth_mysql 2.6.1 under apache 2.0.46 on Redhat Linux Ent ver 3. I have setup mysql authentication for couple of websites under /etc/httpd/conf.d/auth_mysql.conf, there are total of 63 entires for each directories. I have two directories which works initially after i restart apache, and after few mintutes it stops working. I see in the error log
[Wed Feb 23 11:26:42 2005] [error] [client 192.168.32.11.] MySQL ERROR: Access denied for user: 'harry1@localhost' to database 'techinfo'
[Wed Feb 23 11:26:42 2005] [error] [client 192.168.32.11] MySQL user padhos not found: /techinfo
vauge thing is "harry1" is the entry is in the previous section of <Directory>, actually it should pick "harry" which is for techinfo, below is the last three entries, of which last is not working
<Directory /opt/www/somewebsite.com/html/sample>
AuthType basic
AuthName "Somewbsite Sample"
AuthMySQLEnable On
AuthMySQLDB userinfor
AuthMySQLUser harry1
AuthMySQLHost localhost
AuthMySQLPassword helllo12231
AuthMySQLUserTable sample
AuthMySQLNameField customerid
AuthMySQLPasswordField password
AuthMySQLGroupTable dbsample
AuthMySQLGroupField groups
AuthMySQLCryptedPasswords off
#AuthMySQLPwEncryption Plaintext
AuthMySQLAuthoritative On
<Limit GET POST>
order deny,allow
deny from all
Require valid-user
</Limit>
Satisfy Any
</Directory>
<Directory /opt/www/userinfo.com/html/techinfo>
AuthType basic
AuthName "User Access"
AuthMySQLEnable On
AuthMySQLDB techinfo
AuthMySQLUser harry
AuthMySQLHost localhost
AuthMySQLPassword hello1234
AuthMySQLUserTable customers
AuthMySQLNameField customerid
AuthMySQLPasswordField password
AuthMySQLGroupTable customersgroups
AuthMySQLGroupField groups
AuthMySQLCryptedPasswords off
#AuthMySQLPwEncryption Plaintext
AuthMySQLAuthoritative On
<Limit GET POST>
order deny,allow
deny from all
Require group update admins
</Limit>
Satisfy Any
</Directory>
<Directory /opt/www/userinfo.com/html/db_info>
AuthType basic
AuthName "User Access"
AuthMySQLEnable On
AuthMySQLDB techinfo
AuthMySQLUser harry
AuthMySQLHost localhost
AuthMySQLPassword hello1234
AuthMySQLUserTable customers
AuthMySQLNameField customerid
AuthMySQLPasswordField password
AuthMySQLGroupTable customersgroups
AuthMySQLGroupField groups
AuthMySQLCryptedPasswords off
#AuthMySQLPwEncryption Plaintext
AuthMySQLAuthoritative On
<Limit GET POST>
order deny,allow
deny from all
Require group update admins
</Limit>
Satisfy Any
</Directory>
I dont have problem with other 61 entries. Any idea why this is happening?
Thanks in advance.
PAd
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hmmm, this is a strang one. A couple of questions to start:
Do you have AuthMySQLKeepAlive on in any of the directory entries, or did you specify -DKEEPALIVE=1 in your build? This is known to cause problems in Apache 2.0.
Additionally - do you have an .htaccess file in either of the failing directories or directories below them (down to DOCUMENT_ROOT)? If so, what's in these files?
If AuthMySQLKeepAlive is not set, then we depend on Apache to pass us these parameters. I looked through the Apache change log and didn't find anything relating to problems passing parameters to modules. Of course, I could have missed something.
If AuthMySQLKeepAlive is on, I still wouldn't expect you to see this problem, but I guess anything's possible.
So, could you please check on this?
One other possibility I can think of - perhaps there's another problem in your configuration file which is confusing Apache. You might try running
httpd -t
to check your configuration file (if you're not using the default config file location, you will also need the -f parm). Does it show any errors? Note: this can be run while Apache is sitll up.
Thanks,
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
AuthMySQLKeepAlive is "on" on 38 other directories (out of 63 directories).
Once i restart the apache, i can login without any issues. I dont have problem if i keep working on same browser. After i close the browser and try with new browser after few minutes it gives the errror message in error.log that mentioned earlier.
"httpd -t" gives "syntax OK".
For compile i went through the steps mentioned in README. I followed the steps for apache2. I did not use any other options other than mentioned in README.
Thanks
PAd
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Ok, the first thing you need to do is to turn AuthMySQLKeepAlive off in all directories. It doesn't do you any good on Apache 2.x, and has been known to cause problems (such as MySQL connections not being cleaned up). Even in Apache 1.x, this was not a complete solution, but at least it didn't cause problems.
You should not see any (or at least much) performance degradation in Apache 2.x.
There are some known areas where we can clean up the performance in both Apache 1.x and Apache 2.x. However, due to the different mechanisms used by Apache (Apache 1.x uses threads, Apache 2.x uses processes), this isn't easy. It requires the use of shared memory and semaphores and is prone to all sorts of potential problems. It's a major change to the code - more so than adding a few features like we have been in the more recent releases (and the upcoming 2.9.0).
That's why the code isn't available yet. Probably once we're happy with the code here, we'll release it as a beta version for testing.
So - please take the parameter off all directories and test again. I suspect it will help.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I can't think of any problems you should have when upgrading. We try to keep each version as compatible with the previous one as possible.
You might want to hold off a little - we're in final test (again) of version 2.9.0. I had planned to upload it the end of last week or the beginning of this, but we ran into some problems during test.
The main difference is the addition of some options to the module.
Jerry
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Jerry,
I have a problem with auth_mysql. I am using mod_auth_mysql 2.6.1 under apache 2.0.46 on Redhat Linux Ent ver 3. I have setup mysql authentication for couple of websites under /etc/httpd/conf.d/auth_mysql.conf, there are total of 63 entires for each directories. I have two directories which works initially after i restart apache, and after few mintutes it stops working. I see in the error log
[Wed Feb 23 11:26:42 2005] [error] [client 192.168.32.11.] MySQL ERROR: Access denied for user: 'harry1@localhost' to database 'techinfo'
[Wed Feb 23 11:26:42 2005] [error] [client 192.168.32.11] MySQL user padhos not found: /techinfo
vauge thing is "harry1" is the entry is in the previous section of <Directory>, actually it should pick "harry" which is for techinfo, below is the last three entries, of which last is not working
<Directory /opt/www/somewebsite.com/html/sample>
AuthType basic
AuthName "Somewbsite Sample"
AuthMySQLEnable On
AuthMySQLDB userinfor
AuthMySQLUser harry1
AuthMySQLHost localhost
AuthMySQLPassword helllo12231
AuthMySQLUserTable sample
AuthMySQLNameField customerid
AuthMySQLPasswordField password
AuthMySQLGroupTable dbsample
AuthMySQLGroupField groups
AuthMySQLCryptedPasswords off
#AuthMySQLPwEncryption Plaintext
AuthMySQLAuthoritative On
<Limit GET POST>
order deny,allow
deny from all
Require valid-user
</Limit>
Satisfy Any
</Directory>
<Directory /opt/www/userinfo.com/html/techinfo>
AuthType basic
AuthName "User Access"
AuthMySQLEnable On
AuthMySQLDB techinfo
AuthMySQLUser harry
AuthMySQLHost localhost
AuthMySQLPassword hello1234
AuthMySQLUserTable customers
AuthMySQLNameField customerid
AuthMySQLPasswordField password
AuthMySQLGroupTable customersgroups
AuthMySQLGroupField groups
AuthMySQLCryptedPasswords off
#AuthMySQLPwEncryption Plaintext
AuthMySQLAuthoritative On
<Limit GET POST>
order deny,allow
deny from all
Require group update admins
</Limit>
Satisfy Any
</Directory>
<Directory /opt/www/userinfo.com/html/db_info>
AuthType basic
AuthName "User Access"
AuthMySQLEnable On
AuthMySQLDB techinfo
AuthMySQLUser harry
AuthMySQLHost localhost
AuthMySQLPassword hello1234
AuthMySQLUserTable customers
AuthMySQLNameField customerid
AuthMySQLPasswordField password
AuthMySQLGroupTable customersgroups
AuthMySQLGroupField groups
AuthMySQLCryptedPasswords off
#AuthMySQLPwEncryption Plaintext
AuthMySQLAuthoritative On
<Limit GET POST>
order deny,allow
deny from all
Require group update admins
</Limit>
Satisfy Any
</Directory>
I dont have problem with other 61 entries. Any idea why this is happening?
Thanks in advance.
PAd
Hi, Pad,
Hmmm, this is a strang one. A couple of questions to start:
Do you have AuthMySQLKeepAlive on in any of the directory entries, or did you specify -DKEEPALIVE=1 in your build? This is known to cause problems in Apache 2.0.
Additionally - do you have an .htaccess file in either of the failing directories or directories below them (down to DOCUMENT_ROOT)? If so, what's in these files?
If AuthMySQLKeepAlive is not set, then we depend on Apache to pass us these parameters. I looked through the Apache change log and didn't find anything relating to problems passing parameters to modules. Of course, I could have missed something.
If AuthMySQLKeepAlive is on, I still wouldn't expect you to see this problem, but I guess anything's possible.
So, could you please check on this?
One other possibility I can think of - perhaps there's another problem in your configuration file which is confusing Apache. You might try running
httpd -t
to check your configuration file (if you're not using the default config file location, you will also need the -f parm). Does it show any errors? Note: this can be run while Apache is sitll up.
Thanks,
Jerry
Jerry,
Thanks for the response.
AuthMySQLKeepAlive is "on" on 38 other directories (out of 63 directories).
Once i restart the apache, i can login without any issues. I dont have problem if i keep working on same browser. After i close the browser and try with new browser after few minutes it gives the errror message in error.log that mentioned earlier.
"httpd -t" gives "syntax OK".
For compile i went through the steps mentioned in README. I followed the steps for apache2. I did not use any other options other than mentioned in README.
Thanks
PAd
PAd,
Ok, the first thing you need to do is to turn AuthMySQLKeepAlive off in all directories. It doesn't do you any good on Apache 2.x, and has been known to cause problems (such as MySQL connections not being cleaned up). Even in Apache 1.x, this was not a complete solution, but at least it didn't cause problems.
You should not see any (or at least much) performance degradation in Apache 2.x.
There are some known areas where we can clean up the performance in both Apache 1.x and Apache 2.x. However, due to the different mechanisms used by Apache (Apache 1.x uses threads, Apache 2.x uses processes), this isn't easy. It requires the use of shared memory and semaphores and is prone to all sorts of potential problems. It's a major change to the code - more so than adding a few features like we have been in the more recent releases (and the upcoming 2.9.0).
That's why the code isn't available yet. Probably once we're happy with the code here, we'll release it as a beta version for testing.
So - please take the parameter off all directories and test again. I suspect it will help.
Jerry
Jerry,
Thanks for the response.
I changed AuthMySQLKeepAlive to "Off" on all directories and restarted the apache. I will monitor for an hour and let you know the deatils.
One question regarding the upgrade!!!
Can i upgrade auth_mysql from 2.6.1 to 2.8.1 without major changes to auth_mysql.conf file? Any issues with it?
Thanks
PAd
PAd,
I can't think of any problems you should have when upgrading. We try to keep each version as compatible with the previous one as possible.
You might want to hold off a little - we're in final test (again) of version 2.9.0. I had planned to upload it the end of last week or the beginning of this, but we ran into some problems during test.
The main difference is the addition of some options to the module.
Jerry