Re: Question: Integrating session user authentication/cgi interaction with static served items

[prev] [thread] [next] [Date index for 2005/02/11]

On Fri, 2005-02-11 at 15:17 -0500, Jonathan Vanasco wrote:
> But I don't see why I can't run mod_auth_tkt as an apache1 server 
> looking for validation for ht_docs, then recreate a compatible 
> authticket generator using mod_perl (which i'd imagine is just an md5 
> of a shared secret + configurable session vars)

Right, that's what we do.  We compile mod_auth_tkt into the proxy
server.

> I could probably even use some other server that just handles static 
> serving and can handle cookies.

Not with mod_auth_tkt, unless it can run apache modules.

> I thought about thttpd, and was looking at the performance chart here: 
> http://www.acme.com/software/thttpd/serverperf.gif - which kinda makes 
> apache look abysmal and zeus godlike.

That graph is 7 years old and many things have changed since then.
thttpd is good for spitting out graphics, as long as you don't need
auth, or SSL, or fancy logging, or URL manipulation, or any of the other
things that make apache useful.  A stripped down apache server does just
fine for serving images on all but the most demanding sites, and it's
simpler than messing with multiple kinds of servers, so it's my first
choice for a proxy/image server.

- Perrin