dgaudet 97/06/21 11:56:38
Modified: htdocs/manual/misc FAQ.html
Log:
merge in Dirk's three new faq additions
Revision Changes Path
1.73 +119 -5 apache/htdocs/manual/misc/FAQ.html
Index: FAQ.html
===================================================================
RCS file: /export/home/cvs/apache/htdocs/manual/misc/FAQ.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -C3 -r1.72 -r1.73
*** FAQ.html 1997/06/20 17:17:23 1.72
--- FAQ.html 1997/06/21 18:56:36 1.73
***************
*** 15,21 ****
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>
<P>
! $Revision: 1.72 $ ($Date: 1997/06/20 17:17:23 $)
</P>
<P>
The latest version of this FAQ is always available from the main
--- 15,21 ----
<!--#include virtual="header.html" -->
<H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>
<P>
! $Revision: 1.73 $ ($Date: 1997/06/21 18:56:36 $)
</P>
<P>
The latest version of this FAQ is always available from the main
***************
*** 131,136 ****
--- 131,138 ----
<LI><A HREF="#fdlim">Why can't I run more than <<EM>n</EM>>
virtual hosts?</A>
</LI>
+ <LI><A HREF="#freebsd-setsize">Can I increase FD_SETSIZE on FreeBSD?</A>
+ </LI>
<LI><A HREF="#limitGET">Why do I keep getting "access denied"
for
form POST requests?</A>
</LI>
***************
*** 208,213 ****
--- 210,222 ----
<LI><A HREF="#linux-shmget">When I run it under Linux I get "shmget:
function not found", what should I do?</A>
</LI>
+ <LI><A HREF="#authauthoritative">Why does my authentification give
+ me a server error?</A>
+ <LI><A HREF="#auth-on-same-machine">Do I have to keep the (mSQL)
+ authentification information on the same machine?</A>
+ </LI>
+ <LI><A HREF="#msql-slow">Why is my mSQL authentification terribly
slow?</A>
+ </LI>
</OL>
</LI>
</UL>
***************
*** 819,826 ****
HREF="../mod/core.html#listen"
><SAMP>Listen</SAMP></A>
directives. If there are no other servers running on the machine
! and all of them are running on the same port, you normally don't
! need any Listen directives at all.
</LI>
<LI>Reduce the number of log files. You can use
<A
--- 828,836 ----
HREF="../mod/core.html#listen"
><SAMP>Listen</SAMP></A>
directives. If there are no other servers running on the machine
! on the same port then you normally don't
! need any Listen directives at all. By default Apache listens to
! all addresses on port 80.
</LI>
<LI>Reduce the number of log files. You can use
<A
***************
*** 838,844 ****
<A
HREF="perf.html"
>performance hints</A>
! page.
</LI>
<LI>"Don't do that" - try to run with fewer virtual hosts
</LI>
--- 848,855 ----
<A
HREF="perf.html"
>performance hints</A>
! page. There is a specific note for
! <a href="#freebsd-setsize">FreeBSD</a> below.
</LI>
<LI>"Don't do that" - try to run with fewer virtual hosts
</LI>
***************
*** 854,859 ****
--- 865,888 ----
available in the way of solutions.
</P>
<HR>
+
+ <LI><A NAME="freebsd-setsize">
+ <STRONG>Can I increase FD_SETSIZE on FreeBSD?</STRONG>
+ </A>
+ <P>
+ On FreeBSD 2.2 and older FD_SETSIZE, which limits the number of open
+ files on the system, is limted to 256. This can limit the number of
+ virtual hosts you are using; especially if they all use different log
+ files. Increasing this limit (and recompiling apache) is not enough
+ (As it is on some platforms, such as Solaris), as you also will have
+ to recompile libc with the changed setting.
+ </P>
+ <p>
+ On FreeBSD 3.0 the default is 1024, so the problem is lessened.
+ </p>
+ <HR>
+ </LI>
+
<LI><A NAME="limitGET">
<STRONG>Why do I keep getting "access denied" for form POST
requests?</STRONG>
***************
*** 1160,1166 ****
</LI>
<LI><A NAME="linuxiovec">
<STRONG>Why do I get complaints about redefinition
! of "<CODE>struct iovec</CODE>" when compiling under
Linux?</STRONG>
</A>
<P>
This is a conflict between your C library includes and your kernel
--- 1189,1196 ----
</LI>
<LI><A NAME="linuxiovec">
<STRONG>Why do I get complaints about redefinition
! of "<CODE>struct iovec</CODE>" when
! compiling under Linux?</STRONG>
</A>
<P>
This is a conflict between your C library includes and your kernel
***************
*** 1582,1587 ****
--- 1612,1701 ----
a server which is slower and less reliable.
</P>
<HR>
+ </LI>
+
+ <LI><A NAME="authauthoritative">
+ <STRONG>Why does my authentification give me a server error?</STRONG>
+ </A>
+ <P>
+ Under normal circumstances, the apache access control modules will
+ pass unrecognized userids on to the next access control module in
+ line. Only if the userid is recognized, the password is validated
+ (or not) will it give the usual success or authentification failed
+ messages.
+ </p>
+ <p>
+ However if the last access module in line 'declines' the validation
+ request (because it has never heard of the userid or because it is not
+ configured) the http_request handler will give one of the following,
+ confusing, errors:
+ <UL>
+ <li> <code>check access</code>
+ <li> <code>check user. No user file? </code>
+ <li> <code>check access. No groups file? </code>
+ </ul>
+ This does not mean that you have to add a 'AuthUserFile /dev/null'
+ line as some magazines suggest !
+ </p>
+ <p>
+ The solution is to ensure that at least the last module is authoritative
+ and <b>CONFIGURED</b>. By default <code>mod_auth</code> is authoritative
+ and will give an OK/Denied, but only if it is configured with the
+ proper AuthUserFile. Likewise if a valid group is required. (Remember
+ that the modules are processed in the reverse order they appear in
+ your compile-time Configuration file.)
+ </P>
+ <p>
+ A typical situation for this error is when you are using the
+ mod_auth_dbm, mod_auth_msql, mod_auth_mysql, mod_auth_anon or
+ mod_auth_cookie on their own. These are by default <b>not</b>
+ authoritative, and this will pass the buck on to the (non-existent) next
+ authentification module when the user ID is not in their respective
+ database. Just add the appropriate 'XXXAuthoritative yes' line to
+ the configuration.
+ </p>
+ <p>
+ In general it is a good idea (though not terribly efficient) to have the
+ file based mod_auth a module of last resort. This allows you to access
+ the web server with a few special passwords even if the databases are
+ down or corrupted. This does cost a file-open/seek/close for each
+ request in a protected area.
+ </p>
+ <HR>
+ </LI>
+
+ <LI><A NAME="auth-on-same-machine">
+ <STRONG>Do I have to keep the (mSQL) authentification information
+ on the same machine?</STRONG>
+ </A>
+ <p>
+ Some organizations feel very strongly about keeping the authentification
+ information on a different machine than the webserver. With the
+ mod_auth_msql, mod_auth_mysql and other SQL modules connecting to
+ (R)DBMses this is quite well possible. Just configure an explicit host
+ to contact.
+ </p>
+ <p>
+ Be aware that with mSQL and Oracle, opening and closing these database
+ connections is very expensive and time consuming. You might want to
+ look at the code in the auth_modules and play with the compile time
+ flags to alleviate this somewhat; if your RDBMS licences alows for it.
+ </p>
+ <HR>
+ </LI>
+
+ <LI><A NAME="msql-slow">
+ <STRONG>Why is my mSQL authentification terribly slow?</STRONG>
+ </A>
+ <p>
+ You have probably configured the Host by specificing a FQHN,
+ and thus the libmsql will use a full blown tcp/ip socket to talk to
+ the database, rather than a fast internal device. Both the libmsql,
+ the mSQL faq and the mod_auth_msql documentation warn you about this. If
+ you have to use different hosts, check out the mod_auth_msql code for
+ some compile time flags which might, or might not suit you.
+ </p>
+ <HR>
</LI>
<!-- Don't forget to add HR tags at the end of each list item.. -->
