When you say "integrated security" are you talking about the NTLM auth
scheme for HTTP?  As long as mod_proxy properly handles HTTP Keep-Alive,
and recent Apache mod_proxy does, NTLM auth should work just fine.

....
We're talking about different things.  In Unix, you can use
Apache/mod_proxy + AOLServer to combine url spaces and use AOLServer
much like an app server. Agreed

In Windows,  you can use an Apache reverse proxy to combine AOLServer
and IIS URL spaces,  but only IIS will be able to do the NTLM
handshaking required to get a network ID.  AOLServer would sit behind
Apache and get the proxied Apache request without any single sign-on
info at all.

There are several ways to do this with Apache (mod_ntlm, gssapi), but
they're complicated, buggy, get broken by windows service packs,  or all
of the above.


I'd be happy to work on an initial proof-of-concept implementation if
you think there's a real application for it.

YES! Please -- it would be insanely great to have a starting point.


I'm still not convinced that anyone would seriously run AOLserver as a FastCGI 
app. fronted with
another webserver.  Or, to rephrase: anyone who's willing to do so with
the necessary performance impact that it will entail ought to look at a
simpler solution like mod_proxy or some other reverse proxy software.


Do you have a sense for how much slower this would be? Are we talking about a fractional performance hit or order of magnitude?

(I am not convinced sane people would choose e.g. Cold Fusion, but that
didn't seem to effect its popularity)

I'm not sure about the fastcgi library's thread safety... that will be
easy to find out.


Yes and no.  If the code is definitely not thread-safe, it's probably
documented.  However, often code will be declared thread-safe that
isn't ... that's when we'll feel pain.  :-)


FastCGI has the benefit to being as old a technology as AOLServer (older?). It's very likely someone has done what you want to do, and has uncovered the hiccups. I'll ask.


John Sequeira http://www.oreillynet.com/pub/au/1780


-- AOLserver - http://www.aolserver.com/

To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> 
with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
field of your email blank.

Reply via email to