Yes, and make sure that is the user running the web service: # ps aux | grep httpd
The user will need permissions down every folder. If all else fails, are you runnning SE Linux? That can sometimes restrict access to files. Thanks, Carl ----- Original Message ----- From: "Matt Smith" <[email protected]> To: "Song, Doe-Hyun" <[email protected]> Cc: "waldbiec" <[email protected]>, [email protected] Sent: Friday, February 19, 2016 3:46:35 PM Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache Servers. Can you confirm that the Apache user can write to that directory ? # su apache -s /bin/bash -c "touch /mnt/tnsag/cas/cas_cache/foo" -Matt On Fri, Feb 19, 2016 at 3:29 PM, Song, Doe-Hyun <[email protected]> wrote: > Unfortunately, apache owns the directory. > > > [root@webarms01q cas]# pwd > /mnt/tnsag/cas > [root@webarms01q cas]# ll > drwxr-xr-x. 2 apache apache 4096 Feb 19 12:40 cas_cache > > -----Original Message----- > From: Waldbieser, Carl [mailto:[email protected]] > Sent: Friday, February 19, 2016 2:48 PM > To: Song, Doe-Hyun > Cc: christian folini; [email protected]; [email protected] > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > That typically means the path doesn't exist or the web user (apache?) > doesn't have permission to read/write in that folder. > > Thanks, > Carl Waldbieser > ITS Systems Programmer > Lafayette College > > ----- Original Message ----- > From: "Song, Doe-Hyun" <[email protected]> > To: "christian folini" <[email protected]>, [email protected] > Cc: [email protected] > Sent: Friday, February 19, 2016 2:41:38 PM > Subject: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Matt and Christian, > > Thanks for your help. I tried to implement it and had interesting error. > > Switch the cache directory to network directory. > > #CASCookiePath /var/cache/mod_auth_cas/ > CASCookiePath /mnt/tnsag/cas/cas_cache/ > > Then, I have the following error. > [root@webarms02q cas_cache]# /etc/init.d/httpd restart > Stopping httpd: [ OK ] > Starting httpd: Syntax error on line 7 of /etc/httpd/conf.d/cas.conf: > MOD_AUTH_CAS: CASCookiePath '/mnt/tnsag/cas/cas_cache/' is not a directory > or does not end in a trailing '/'! > [FAILED] > > Thanks, > Doe > > > > From: [email protected] [mailto:[email protected]] > Sent: Wednesday, February 17, 2016 1:41 AM > To: [email protected]; Song, Doe-Hyun > Cc: [email protected] > Subject: AW: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Hi guys, > > We used to run two identical apaches using mod_auth_cas behind a > loadbalancer. > So both apaches would be called www.example.com<http://www.example.com> > and both cookies had the > same name. So s2 would overwrite the cookie of s1. > > We would keep the sessions in sync on the two apache servers with the help > of > unison. This worked just fine as far as mod_auth_cas is concerned. > > We eventually moved away because of issues with unison and because the > pressing > need for the feature went away too. > > Just my 2 cents. > > Christian Folini > > > > Von: [email protected] [mailto:[email protected]] Im Auftrag von Matt > Smith > Gesendet: Montag, 15. Februar 2016 23:54 > An: Song, Doe-Hyun > Cc: [email protected] > Betreff: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > > Yes, that is what should occur. But please note that while I think this > should work, you may experience things we did not anticipate in the > design. I would love to get your results, though, if you do attempt this. > On Feb 15, 2016 16:40, "Song, Doe-Hyun" <[email protected]<mailto: > [email protected]>> wrote: > Matt, > > If so, can we have one cookie for both instances? Currently one cookie per > apache is created, meaning two cookies with different name with S1 and S2 > suffix. > > Thanks, > Doe > > From: Matt Smith [mailto:[email protected]<mailto:[email protected]>] > Sent: Monday, February 15, 2016 4:20 PM > To: Song, Doe-Hyun > Cc: [email protected]<mailto:[email protected]> > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Hello, > > This is an interesting use-case, and not one that the mod_auth_cas team > has designed for. I have heard of deployers pointing CASCookiePath at a > shared network location for fault tolerance, but I'm thinking that may also > work for this use-case. Would you be able to try configuring CASCookiePath > to shared storage, e.g., NFS, and see if this meets your requirements? > This would allow each instance to use exactly the same cookie information. > > -Matt > > On Fri, Feb 12, 2016 at 2:40 PM, Song, Doe-Hyun <[email protected]<mailto: > [email protected]>> wrote: > CAS Community, > > We use Mod_Auth_Cas for our CAS Client. We have Mod_Auth_Cas on two apache > servers respectively. Each Apache is invoked randomly through Load Balancer > up front with a single URL. > > Each Mod_Auth_Cas generates Cookie as Mod_Auth_Cas_S1 for S1 instance and > Mod_Auth_Cas_S2 for S2 instance. I can see two cookies from my browser. > > Because of some reasons, I would like to synchronize timeout of those two > instances. Timeout could be different if S1 is invoked at 1:00PM and S2 is > invoked at 1:10PM. > > FYI, CAS Server uses Ehcache to synchronize tickets between two CAS > Servers. > > Thanks, > > Doe Song > > > > > The information contained in this e-mail and any attachments is > confidential and > > intended only for the recipient. If you are not the intended recipient, the > > information contained in this message may not be used, copied, or > forwarded to > > third parties or otherwise distributed for any other purpose. Please > notify the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > > basis of a contractual or any other legally binding obligation unless > separately > > confirmed in writing by an authorized representative of ARMADA. > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]<mailto: > [email protected]>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > -- > [email protected]<mailto:[email protected]> > PGP: E2144AD8 > > > > > > The information contained in this e-mail and any attachments is > confidential and > > intended only for the recipient. If you are not the intended recipient, the > > information contained in this message may not be used, copied, or > forwarded to > > third parties or otherwise distributed for any other purpose. Please > notify the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > > basis of a contractual or any other legally binding obligation unless > separately > > confirmed in writing by an authorized representative of ARMADA. > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]<mailto: > [email protected]>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > The information contained in this e-mail and any attachments is > confidential and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or > forwarded to > third parties or otherwise distributed for any other purpose. Please > notify the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > The information contained in this e-mail and any attachments is > confidential and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or > forwarded to > third parties or otherwise distributed for any other purpose. Please > notify the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > -- [email protected] PGP: E2144AD8 -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
