NAME

Apache::AuthenDBMCache - Authentication caching

SYNOPSIS

# In your httpd.conf

PerlModule Apache::AuthenDBMCache

# In httpd.conf or .htaccess:

AuthName Name
AuthType Basic

PerlAuthenHandler Apache::AuthenDBMCache <Primary Authentication Module> Apache::AuthenDBMCache::manage_cache

# Typical constraints one of these

require valid-user
require user larry moe curly

# Optional parameters/Defaults are listed to the right.

PerlSetVar AuthenDBMCache_TTL           900 # Default: 3600 sec
PerlSetVar AuthenDBMCache_Debug         On  # Default: Off

DESCRIPTION

Apache::AuthenDBMCache implements a caching mechanism in order to speed up authentication and to reduce the usage of system resources. It must be used in conjunction with a regular mod_perl authentication module (we use it to accelerate AuthenURL and AuthenSMB methods but it can be used with any perl authentication module).

When a authorization request is received this handler uses a DBM data base cache to answer the request. Each entry in the cache is indexed by a key which is a hash of user name, the authentication "realm", the authentication parameters and the password. The value at the key is an expiration date. If the supplied user name and password hash to a key which exists and has not expired then the handler returns OK and clears the downstream Authen handlers from the stack. Otherwise, it returns DECLINED and allows the next PerlAuthenHandler in the stack to be called.

After the primary authentication handler completes with an OK, AuthenDBMCache::manage_cache adds the new hash to the cache with an appropriate expiration date.

CONFIGURATION OPTIONS

The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files.

PerlSetVar AuthenDBMCache_TTL 3600

The AuthenDBMCache_TTL variable contains the "Time to Live" in seconds of entries within the cache. The default value is one hour (3600 seconds). When entries are created in the cache they're marked with an expiration date calculated from the TTL value.

PerlSetVar AuthenDBMCache_Debug off

If the AuthenDBMCache_Debug variable is set to "on" some debugging messages are logged.

FUNCTIONS

The function Apache::AuthenDBMCache::ExpireCache will expire all cache entries that are no longer current.

BUGS/BEWARE

The cache files (cache.dir and cache.pag in the /var/adm/authen-web directory) should exist and belong to the userid of the web server. They should be protected so that nobody else can read them. The module will croak if it cannot access the data.

We make no effort to lock the database. The worst case that can happen is we return a false negative and that has no serious consequences.

Other processes are required to purge the cache of entries which have expired -- use the Apache::AuthenDBMCache::ExpireCache function. A periodic job that invokes perl like this will suffice

perl -MApache::AuthenDBMCache -e Apache::AuthenDBMCache::ExpireCache

SEE ALSO

httpd(8), mod_perl(1), MD5

AUTHORS

Reg Quinton <reggers@uwaterloo.ca> from AuthenCache by Jason Bodnar and Christian Gilmore.

COPYRIGHT

Copyright (C) 2002, Reg Quinton. AuthenCache Copyright (C) 1998-2001, Jason Bodnar.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.