Hello, My configuration: * Common: Slackware 10.0, mysql 4.1.21 * Old server: Apache HTTPD 2.0.52, mod_auth_mysql-3.0.0 * New server: Apache HTTPD 2.2.3, mod_dbd, mod_authn_dbd, apr_dbd_mysql.c * Testing with Firefox 1.5 I'm trying to migrate from the old server to the new, using the same, local mysql DB for authentication. mod_auth_mysql didn't seem to compile with httpd 2.2.3, but the DBD stuff seems to have obviated it, so I'm trying that. I'm still running the old server on port 443, while testing the new on another port, until I'm certain I can swap it into proper place. The root path of the site (via either server) requires no authentication, but has three subdirectory hierarchies that require identical authentication. Authentication on the new server appears to work, but not reliably, particularly when moving between these distinct hierarchies - a problem not seen on the old server. When requesting a page from a secure hierarchy, the user might experience (as I define them): * Success - at worst, the user is requested to confirm cached credentials in a pop-up with completed fields. * Cache failure - new credentials are requested from the user in a blank pop-up, but are accepted (though sometimes after more than one try). * Persistent failure - new credentials are requested, but each time rejected (although there is a suggestion that it will start working again after a minute or so; I usually give up before then). In the logs, these appear to correspond to: * Success: an authenticated 200 when moving within a hierarchy; an unauthenticated 401 followed by an authenticated 200 when moving between hierarchies. * Cache failure: two or more 401s, and this in the error log: [user <username>: authentication failure for "<virtual path>": Password Mismatch]. * Persistent failure: 401s with the same error-log entry. Firstly, from a server restart, I experience the following sequence, with some occasional variation each time I experiment: * Entry into a secure hierarchy is usually a success, but occasionally a persistent failure. * Staying within the same hierarchy usually remains successful. * Then, switching back and forth between two hierarchies is also usually successful for about two times. * Then there is a cache failure, then maybe a couple more successes. * Then usually persistent failure. My configuration is based on the example at <http://httpd.apache.org/docs/2.2/mod/mod_authn_dbd.html>, with a few alterations suggested on this list. Global DBD settings: DBDriver mysql DBDPersist Off DBDMin 1 DBDKeep 1 DBDMax 1 The site is a virtual host, configured with: DBDParams "dbname=aaa user=bbb pass=xxxx" (Aside: the example configuration in the docs gives a DBDParams example with "password" instead of "pass" - that caused some lengthy head-scratching.) I "Include" the following into the <Location> for each of the three access-controlled hierarchies: AuthType Basic AuthName "stuff" AuthBasicProvider dbd AuthDBDUserPWQuery "select user_passwd from user_info where user_name = %s" ...and there's a <Location>-specific "Require" directive, usually "valid-user". I've tried with DBDParams outside <VirtualHost> with similar results. I've tried adding "host=localhost" to DBDParams, with no obvious effect. If I turn DBDPersist on, the user gets a 500, and the error log reports [Error looking up <username> in database - password - acquire_fn]. I added the [password - acquire_fn] bit - authn_dbd_password() has obtained NULL from authn_dbd_acquire_fn(), and googling for this just listed mainly source code. I expect that "DBDPersist on", if I can get it to work at all, will make things more reliable. If I switch to an old AuthUserFile, I get no problems at all. Am I missing some obvious configuration requirement? Are there known problems with the versions of the components I'm using? What else could I investigate? What other information should I provide? Thanks for your attention, Steven --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx