[mod_python] Credential caching for Apache/mod_python

Graham Dumpleton graham.dumpleton at gmail.com
Thu Dec 10 15:48:35 EST 2009


2009/12/11 Daniel Klaffenbach <daniel.klaffenbach at informatik.tu-chemnitz.de>:
> Hi,
>
> in my setup mod_python is being used for authentication (with
> PythonAuthenHandler). The Authentication process is pretty complex (hybrid
> mySQL/RADIUS).
>
> Authentication with mod_python itself works very well on this setup. However
> there are some speed and server load issues. We are serving mostly SVN and
> WebDAV stuff over https.
>
> Now whenever a user wants to upload a large number of small files to his/her
> DAV share, quite a few WebDAV commands are being issued.
>
> The problem is that for every simple DAV command (PROPFIND, GET,
> OPTIONS,...) the Python auth handler is being asked if the user-provided
> credentials are valid - Apache does not seem to do any caching.
>
> As a result of this the RADIUS and mySQL Servers are being asked for a
> username/password TWICE for every single file the user uploads, downloads or
> just lists in a directory, which is *really* bad.
>
> So my question is: Is there a good way of telling Apache and/or mod_python
> to cache the "apache.OK" reply from the Python auth handler for a few
> seconds?
>
> BTW: I am on Scientific Linux 5.3 with Apache 2.2.3 and mod_python 3.2.8.

You should upgrade to mod_python 3.3.1 for a start, that older
versions has lots of bugs in it.

As to your issue, it is up to you to perform caching within your
authentication handler. You can keep a dictionary cache of whether
someone has successfully authenticated and when. If they requested
previously within some defined period, let them in again without
rechecking authentication. If period to great, expire information in
cache and reauthenticate them against the back end.

Graham


More information about the Mod_python mailing list