Hello, I had similar problems with a dedicated (not virtual) Debian Etch server (64bits) with mod_auth_cas 1.0.7 However when I changed CASCookieEntropy to 16, it worked well. With CASCookieEntropy = 32 I got pauses of 1 or 2 minutes.
Hope this can help. regards, On Wed, Feb 6, 2008 at 3:40 PM, James Chabot-Weingart <[EMAIL PROTECTED]> wrote: > > We are having similar problems with a Debian Etch server on OpenVZ > (protecting AWstats). I tried changing the CASCookieEntropy to 32, 16, and > 8 (reloading apache each time), but it doesn't seem to have made a > difference. I can still watch the entropy tick up until it passes 64, then > goes back down to zero and slowly accumulates again. > > I upgraded to mod_auth_cas version 1.0.6 (was 1.0.5), but it still does not > seem to be respecting the directive. > > Here is my auth_cas.conf: > > CASLoginURL https://login.uconn.edu/cas/login > CASValidateURL https://login.uconn.edu/cas/serviceValidate > CASCertificatePath /etc/ssl/certs/uconnCA.pem > CASTimeout 7200 > CASIdleTimeout 3600 > CASCookiePath /tmp/cas/ > CASCookieEntropy 32 > > server-info shows the correct CASCookieEntropy value, so apache seems to > know about it. It seems like I must be missing something obvious, but I > can't figure out what. My next step is going to be tweaking the debugging > code, so that I can get mod_auth_cas to tell me what it thinks > CASCookieEntropy is at a couple of different spots. > > I appreciate your time. > > Thank you, > -James > > > > Matt is spot on here. These were my thoughts: > > * Have you changed the CASCookieEntropy value? > > * What is your /proc/sys/kernel/random/entropy_avail value (especially > when seeing this slowdown? Try 'watch -n 0 cat > /proc/sys/kernel/random/entropy_avail') > > * Is this being done in an isolated VM? If so, can you try it on a more > active VM or 'real' machine that has entropy sources? > > -Phil > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Smith, Matt > Sent: Tuesday, December 18, 2007 1:17 PM > To: Yale CAS mailing list > Subject: Re: mod_auth_cas 'pause'. > > Robert- > Three thoughts: > > 1) Are you running under virtualization (VMWare, Xen, etc)? We've seen > a couple small problems with entropy generation in that scenario. You > can try reducing CASCookieEntropy to something smaller than 32, say, 16. > > 2) Make sure the directory specified by CASCookiePath exists, has proper > permissions, and has space. > > 3) Is CASCertificatePath pointing to a directory (the default is > /etc/ssl/certs/)? If so, try pointing directly to the single cert > representing your CAS server's signing CA. Sometimes the directory > lookup takes some time. > > Please let us know if any of this seems to help. > > HTH, > -Matt > -- > View this message in context: > http://www.nabble.com/mod_auth_cas-%27pause%27.-tp14402025p15306646.html > Sent from the CAS Users mailing list archive at Nabble.com. > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- Stéphane GULLY http://www.zeitoun.net _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
