A project I'm working on required me to disable authentication caching
in acl.c with some rather curious results: Logging of the user-name in
the access.log vanished.
It turns out that if you are using an external authenticator, the
username is only logged on _subsequent_ (that is, cached) authentication
hits. If the user's authentication credentials expire from the cache,
their next (initially authenticated) request doesn't log any user info.
I'm pretty sure that this behaviour is unintentional.
Here's a patch:
diff -rc old/acl.c new/acl.c
*** old/acl.c Wed Jan 6 17:51:06 1999
--- new/acl.c Wed Jan 6 17:51:41 1999
***************
*** 1057,1062 ****
--- 1057,1063 ----
}
debug(28, 4) ("aclMatchProxyAuth: user '%s' validated OK\n",
user);
/* store validated user in hash, after filling in expiretime */
+ xstrncpy(checklist->request->user_ident, user, USER_IDENT_SZ);
checklist->auth_user->expiretime = current_time.tv_sec +
Config.authenticateTTL;
hash_join(proxy_auth_cache, (hash_link *) checklist->auth_user);
Received on Tue Jan 05 1999 - 23:39:19 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:54 MST