Carl and Matt, Thanks for your help. Unfortunately, I can create the foo or foo2 files and apache is the user to run httpd. We use Red Hat.
[root@webarms02q dhs]# su apache -s /bin/bash -c "touch /mnt/tnsag/cas/cas_cache/foo2" [root@webarms02q dhs]# cd /mnt/tnsag/cas/cas_cache [root@webarms02q cas_cache]# ll total 0 -rw-r--r--. 1 apache apache 0 Feb 22 10:11 foo -rw-r--r--. 1 apache apache 0 Feb 22 10:14 foo2 [root@webarms02q cas_cache]# ps aux | grep httpd apache 307 0.0 0.1 422616 14900 ? Sl 08:32 0:01 /usr/sbin/httpd apache 310 0.0 0.1 422616 14896 ? Sl 08:32 0:02 /usr/sbin/httpd apache 313 0.0 0.1 422616 14924 ? Sl 08:32 0:01 /usr/sbin/httpd apache 366 0.0 0.1 422616 14828 ? Sl 08:57 0:00 /usr/sbin/httpd root 646 0.0 0.0 110172 848 pts/0 S+ 10:14 0:00 grep httpd root 21988 0.0 0.1 266112 14436 ? Ss Feb19 0:21 /usr/sbin/httpd apache 31507 0.0 0.1 422616 14936 ? Sl 01:58 0:03 /usr/sbin/httpd apache 32360 0.0 0.1 422616 14924 ? Sl 05:49 0:02 /usr/sbin/httpd apache 32432 0.0 0.1 422616 14900 ? Sl 06:10 0:02 /usr/sbin/httpd apache 32637 0.0 0.1 422616 14908 ? Sl 07:43 0:02 /usr/sbin/httpd apache 32642 0.0 0.1 422616 14940 ? Sl 07:43 0:02 /usr/sbin/httpd apache 32707 0.0 0.1 422616 14920 ? Sl 08:03 0:02 /usr/sbin/httpd apache 32756 0.0 0.1 422616 14908 ? Sl 08:27 0:01 /usr/sbin/httpd apache 32759 0.0 0.1 422616 14840 ? Sl 08:28 0:01 /usr/sbin/httpd [root@webarms02q cas_cache]# cat /etc/issue Red Hat Enterprise Linux Server release 6.5 (Santiago) Kernel \r on an \m [root@webarms02q cas_cache]# uname -a Linux webarms02q 2.6.32-431.5.1.el6.x86_64 #1 SMP Fri Jan 10 14:46:43 EST 2014 x86_64 x86_64 x86_64 GNU/Linux [root@webarms02q cas_cache]# uname -r 2.6.32-431.5.1.el6.x86_64 -----Original Message----- From: Waldbieser, Carl [mailto:[email protected]] Sent: Friday, February 19, 2016 4:08 PM To: Song, Doe-Hyun Cc: [email protected]; Matt Smith Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache Servers. Yes, and make sure that is the user running the web service: # ps aux | grep httpd The user will need permissions down every folder. If all else fails, are you runnning SE Linux? That can sometimes restrict access to files. Thanks, Carl ----- Original Message ----- From: "Matt Smith" <[email protected]> To: "Song, Doe-Hyun" <[email protected]> Cc: "waldbiec" <[email protected]>, [email protected] Sent: Friday, February 19, 2016 3:46:35 PM Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache Servers. Can you confirm that the Apache user can write to that directory ? # su apache -s /bin/bash -c "touch /mnt/tnsag/cas/cas_cache/foo" -Matt On Fri, Feb 19, 2016 at 3:29 PM, Song, Doe-Hyun <[email protected]> wrote: > Unfortunately, apache owns the directory. > > > [root@webarms01q cas]# pwd > /mnt/tnsag/cas > [root@webarms01q cas]# ll > drwxr-xr-x. 2 apache apache 4096 Feb 19 12:40 cas_cache > > -----Original Message----- > From: Waldbieser, Carl [mailto:[email protected]] > Sent: Friday, February 19, 2016 2:48 PM > To: Song, Doe-Hyun > Cc: christian folini; [email protected]; [email protected] > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > That typically means the path doesn't exist or the web user (apache?) > doesn't have permission to read/write in that folder. > > Thanks, > Carl Waldbieser > ITS Systems Programmer > Lafayette College > > ----- Original Message ----- > From: "Song, Doe-Hyun" <[email protected]> > To: "christian folini" <[email protected]>, [email protected] > Cc: [email protected] > Sent: Friday, February 19, 2016 2:41:38 PM > Subject: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Matt and Christian, > > Thanks for your help. I tried to implement it and had interesting error. > > Switch the cache directory to network directory. > > #CASCookiePath /var/cache/mod_auth_cas/ > CASCookiePath /mnt/tnsag/cas/cas_cache/ > > Then, I have the following error. > [root@webarms02q cas_cache]# /etc/init.d/httpd restart > Stopping httpd: [ OK ] > Starting httpd: Syntax error on line 7 of /etc/httpd/conf.d/cas.conf: > MOD_AUTH_CAS: CASCookiePath '/mnt/tnsag/cas/cas_cache/' is not a directory > or does not end in a trailing '/'! > [FAILED] > > Thanks, > Doe > > > > From: [email protected] [mailto:[email protected]] > Sent: Wednesday, February 17, 2016 1:41 AM > To: [email protected]; Song, Doe-Hyun > Cc: [email protected] > Subject: AW: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Hi guys, > > We used to run two identical apaches using mod_auth_cas behind a > loadbalancer. > So both apaches would be called www.example.com<http://www.example.com> > and both cookies had the > same name. So s2 would overwrite the cookie of s1. > > We would keep the sessions in sync on the two apache servers with the help > of > unison. This worked just fine as far as mod_auth_cas is concerned. > > We eventually moved away because of issues with unison and because the > pressing > need for the feature went away too. > > Just my 2 cents. > > Christian Folini > > > > Von: [email protected] [mailto:[email protected]] Im Auftrag von Matt > Smith > Gesendet: Montag, 15. Februar 2016 23:54 > An: Song, Doe-Hyun > Cc: [email protected] > Betreff: RE: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > > Yes, that is what should occur. But please note that while I think this > should work, you may experience things we did not anticipate in the > design. I would love to get your results, though, if you do attempt this. > On Feb 15, 2016 16:40, "Song, Doe-Hyun" <[email protected]<mailto: > [email protected]>> wrote: > Matt, > > If so, can we have one cookie for both instances? Currently one cookie per > apache is created, meaning two cookies with different name with S1 and S2 > suffix. > > Thanks, > Doe > > From: Matt Smith [mailto:[email protected]<mailto:[email protected]>] > Sent: Monday, February 15, 2016 4:20 PM > To: Song, Doe-Hyun > Cc: [email protected]<mailto:[email protected]> > Subject: Re: [cas-user] Mod_Auth_Cas Timeout Synchronization on Two Apache > Servers. > > Hello, > > This is an interesting use-case, and not one that the mod_auth_cas team > has designed for. I have heard of deployers pointing CASCookiePath at a > shared network location for fault tolerance, but I'm thinking that may also > work for this use-case. Would you be able to try configuring CASCookiePath > to shared storage, e.g., NFS, and see if this meets your requirements? > This would allow each instance to use exactly the same cookie information. > > -Matt > > On Fri, Feb 12, 2016 at 2:40 PM, Song, Doe-Hyun <[email protected]<mailto: > [email protected]>> wrote: > CAS Community, > > We use Mod_Auth_Cas for our CAS Client. We have Mod_Auth_Cas on two apache > servers respectively. Each Apache is invoked randomly through Load Balancer > up front with a single URL. > > Each Mod_Auth_Cas generates Cookie as Mod_Auth_Cas_S1 for S1 instance and > Mod_Auth_Cas_S2 for S2 instance. I can see two cookies from my browser. > > Because of some reasons, I would like to synchronize timeout of those two > instances. Timeout could be different if S1 is invoked at 1:00PM and S2 is > invoked at 1:10PM. > > FYI, CAS Server uses Ehcache to synchronize tickets between two CAS > Servers. > > Thanks, > > Doe Song > > > > > The information contained in this e-mail and any attachments is > confidential and > > intended only for the recipient. If you are not the intended recipient, the > > information contained in this message may not be used, copied, or > forwarded to > > third parties or otherwise distributed for any other purpose. Please > notify the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > > basis of a contractual or any other legally binding obligation unless > separately > > confirmed in writing by an authorized representative of ARMADA. > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]<mailto: > [email protected]>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > -- > [email protected]<mailto:[email protected]> > PGP: E2144AD8 > > > > > > The information contained in this e-mail and any attachments is > confidential and > > intended only for the recipient. If you are not the intended recipient, the > > information contained in this message may not be used, copied, or > forwarded to > > third parties or otherwise distributed for any other purpose. Please > notify the > > sender if you received this e-mail in error and delete the e-mail and its > > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > > basis of a contractual or any other legally binding obligation unless > separately > > confirmed in writing by an authorized representative of ARMADA. > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]<mailto: > [email protected]>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > The information contained in this e-mail and any attachments is > confidential and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or > forwarded to > third parties or otherwise distributed for any other purpose. Please > notify the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > > > > The information contained in this e-mail and any attachments is > confidential and > intended only for the recipient. If you are not the intended recipient, the > information contained in this message may not be used, copied, or > forwarded to > third parties or otherwise distributed for any other purpose. Please > notify the > sender if you received this e-mail in error and delete the e-mail and its > attachments promptly. Nothing in this e-mail may be used or deemed to > form the > basis of a contractual or any other legally binding obligation unless > separately > confirmed in writing by an authorized representative of ARMADA. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > -- [email protected] PGP: E2144AD8 The information contained in this e-mail and any attachments is confidential and intended only for the recipient. If you are not the intended recipient, the information contained in this message may not be used, copied, or forwarded to third parties or otherwise distributed for any other purpose. Please notify the sender if you received this e-mail in error and delete the e-mail and its attachments promptly. Nothing in this e-mail may be used or deemed to form the basis of a contractual or any other legally binding obligation unless separately confirmed in writing by an authorized representative of ARMADA. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
