Welcome! Log In Create A New Profile

Re: a digest authentication module

Forum List Message List New Topic Print View

Alexandr Gomoliako

November 05, 2011 08:52PM

On Sat, Nov 5, 2011 at 9:34 PM, Samizdat Drafting Co.
<drafting@samizdat.cc> wrote:
> i've recently been working on a digest auth module for nginx and have
> some functional (but untested) code posted here:
> https://github.com/samizdatco/ngx-http-auth-digest
>
> for the most part it seems to obey the RFC and is compatible with the
> browsers i've tried, so i'm confident that with a bit more work it
> could actually be usable in practice.
>
> however i've run into a few roadblocks along the way, mostly relating
> to saving state across requests and i wondered if anyone here could
> point me in the right direction as i try to make it work in a way that
> doesn't kill performance with mutex contention or i/o blocking.
>
> the current implementation stores state in a shm-segment rbtree. this
> works well so long as the amount of state doesn't exceed what was
> allocated at config time, but that's hard to guarantee under high load
> (and given the potentially long lifetimes for the tree nodes). is it
> possible to grow the shm size after config? and if not, is this a sign
> that i should actually be using the file system to cache this data
> instead?

There is no special function to grow shm size, if that's what you're
wondering. And I think keeping it simple is the right thing to do at this
point.

> i'm also a little confused as to how the module should schedule a
> recurring node-expiration callback that purges stale entries from the
> rbtree. at the moment the purge function is called at the top of every
> request, which feels like the wrongest possible way to do it. i've
> seen mention of the cleanup hook attached to the request's pool. is
> this a more appropriate place to run or are there other problems
> associated with that?

Well, it's up to you to decide. But since entries are completely unrelated
to the request you should probably move expiration somewhere else.

> these and other questions can be found here:
> https://github.com/samizdatco/ngx-http-auth-digest/issues
>
> personally i'm looking forward to a day where i no longer need apache
> if i want to use digest authentication, so i'd love to get this module
> to a reasonably trustworthy state. any feedback or guidance (or code!)
> you could offer would be a great help.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
a digest authentication module	Samizdat Drafting Co.	1777	November 05, 2011 03:36PM
Re: a digest authentication module	Alexandr Gomoliako	586	November 05, 2011 08:52PM
Re: a digest authentication module	Samizdat Drafting Co.	448	November 17, 2011 04:30PM
Re: a digest authentication module	Alexandr Gomoliako	736	November 17, 2011 05:00PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 159

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018