mod_auth_cas 'pause'.

Stéphane Gully stephane.gully at gmail.com
Tue Jun 3 03:18:02 EDT 2008 

Hello,

I had similar problems with a dedicated (not virtual) Debian Etch
server (64bits) with mod_auth_cas 1.0.7
However when I changed CASCookieEntropy to 16, it worked well.
With CASCookieEntropy = 32 I got pauses of 1 or 2 minutes.

Hope this can help.

regards,

On Wed, Feb 6, 2008 at 3:40 PM, James Chabot-Weingart
<james.chabot-weingart at uconn.edu> wrote:
>
> We are having similar problems with a Debian Etch server on OpenVZ
> (protecting AWstats).  I tried changing the CASCookieEntropy to 32, 16, and
> 8 (reloading apache each time), but it doesn't seem to have made a
> difference. I can still watch the entropy tick up until it passes 64, then
> goes back down to zero and slowly accumulates again.
>
> I upgraded to mod_auth_cas version 1.0.6 (was 1.0.5), but it still does not
> seem to be respecting the directive.
>
> Here is my auth_cas.conf:
>
>  CASLoginURL https://login.uconn.edu/cas/login
>  CASValidateURL https://login.uconn.edu/cas/serviceValidate
>  CASCertificatePath /etc/ssl/certs/uconnCA.pem
>  CASTimeout 7200
>  CASIdleTimeout 3600
>  CASCookiePath /tmp/cas/
>  CASCookieEntropy 32
>
> server-info shows the correct CASCookieEntropy value, so apache seems to
> know about it.  It seems like I must be missing something obvious, but I
> can't figure out what.  My next step is going to be tweaking the debugging
> code, so that I can get mod_auth_cas to tell me what it thinks
> CASCookieEntropy is at a couple of different spots.
>
> I appreciate your time.
>
> Thank you,
> -James
>
>
>
> Matt is spot on here.  These were my thoughts:
>
> * Have you changed the CASCookieEntropy value?
>
> * What is your /proc/sys/kernel/random/entropy_avail value (especially
> when seeing this slowdown?  Try 'watch -n 0 cat
> /proc/sys/kernel/random/entropy_avail')
>
> * Is this being done in an isolated VM?  If so, can you try it on a more
> active VM or 'real' machine that has entropy sources?
>
> -Phil
>
> -----Original Message-----
> From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
> On Behalf Of Smith, Matt
> Sent: Tuesday, December 18, 2007 1:17 PM
> To: Yale CAS mailing list
> Subject: Re: mod_auth_cas 'pause'.
>
> Robert-
>  Three thoughts:
>
> 1) Are you running under virtualization (VMWare, Xen, etc)?  We've seen
> a couple small problems with entropy generation in that scenario.  You
> can try reducing CASCookieEntropy to something smaller than 32, say, 16.
>
> 2) Make sure the directory specified by CASCookiePath exists, has proper
> permissions, and has space.
>
> 3) Is CASCertificatePath pointing to a directory (the default is
> /etc/ssl/certs/)?  If so, try pointing directly to the single cert
> representing your CAS server's signing CA.  Sometimes the directory
> lookup takes some time.
>
> Please let us know if any of this seems to help.
>
> HTH,
> -Matt
> --
> View this message in context: http://www.nabble.com/mod_auth_cas-%27pause%27.-tp14402025p15306646.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
Stéphane GULLY
http://www.zeitoun.net

More information about the cas mailing list