|
|
8f4470 |
Red Hat Specific mod_auth_mellon Information
|
|
|
8f4470 |
============================================
|
|
|
8f4470 |
|
|
|
8f4470 |
This README contains information specific to Red Hat's distribution of
|
|
|
8f4470 |
``mod_auth_mellon``.
|
|
|
8f4470 |
|
|
|
8f4470 |
Diagnostic Logging
|
|
|
8f4470 |
------------------
|
|
|
8f4470 |
|
|
|
8f4470 |
Diagnostic logging can be used to collect run time information to help
|
|
|
8f4470 |
diagnose problems with your ``mod_auth_mellon`` deployment. Please see
|
|
|
8f4470 |
the "Mellon Diagnostics" section in the Mellon User Guide for more
|
|
|
8f4470 |
details.
|
|
|
8f4470 |
|
|
|
8f4470 |
How to enable diagnostic logging on Red Hat systems
|
|
|
8f4470 |
```````````````````````````````````````````````````
|
|
|
8f4470 |
|
|
|
8f4470 |
Diagnostic logging adds overhead to the execution of
|
|
|
8f4470 |
``mod_auth_mellon``. The code to emit diagnostic logging must be
|
|
|
8f4470 |
compiled into ``mod_auth_mellon`` at build time. In addition the
|
|
|
8f4470 |
diagnostic log file may contain security sensitive information which
|
|
|
8f4470 |
should not normally be written to a log file. If you have a
|
|
|
8f4470 |
version of ``mod_auth_mellon`` which was built with diagnostics you
|
|
|
8f4470 |
can disable diagnostic logging via the ``MellonDiagnosticsEnable``
|
|
|
8f4470 |
configuration directive. However given human nature the potential to
|
|
|
8f4470 |
enable diagnostic logging while resolving a problem and then forget to
|
|
|
8f4470 |
disable it is not a situation that should exist by default. Therefore
|
|
|
8f4470 |
given the overhead consideration and the desire to avoid enabling
|
|
|
8f4470 |
diagnostic logging by mistake the Red Hat ``mod_auth_mellon`` RPM's
|
|
|
8f4470 |
ship with two versions of the ``mod_auth_mellon`` Apache module.
|
|
|
8f4470 |
|
|
|
8f4470 |
1. The ``mod_auth_mellon`` RPM contains the normal Apache module
|
|
|
8f4470 |
``/usr/lib*/httpd/modules/mod_auth_mellon.so``
|
|
|
8f4470 |
|
|
|
8f4470 |
2. The ``mod_auth_mellon-diagnostics`` RPM contains the diagnostic
|
|
|
8f4470 |
version of the Apache module
|
|
|
8f4470 |
``/usr/lib*/httpd/modules/mod_auth_mellon-diagnostics.so``
|
|
|
8f4470 |
|
|
|
8f4470 |
Because each version of the module has a different name both the
|
|
|
8f4470 |
normal and diagnostic modules can be installed simultaneously without
|
|
|
8f4470 |
conflict. But Apache will only load one of the two modules. Which
|
|
|
8f4470 |
module is loaded is controlled by the
|
|
|
8f4470 |
``/etc/httpd/conf.modules.d/10-auth_mellon.conf`` config file which
|
|
|
8f4470 |
has a line in it which looks like this::
|
|
|
8f4470 |
|
|
|
8f4470 |
LoadModule auth_mellon_module modules/mod_auth_mellon.so
|
|
|
8f4470 |
|
|
|
8f4470 |
To load the diagnostics version of the module you need to change the
|
|
|
8f4470 |
module name so it looks like this::
|
|
|
8f4470 |
|
|
|
8f4470 |
LoadModule auth_mellon_module modules/mod_auth_mellon-diagnostics.so
|
|
|
8f4470 |
|
|
|
8f4470 |
**Don't forget to change it back again when you're done debugging.**
|
|
|
8f4470 |
|
|
|
8f4470 |
You'll also need to enable the collection of diagnostic information,
|
|
|
8f4470 |
do this by adding this directive at the top of your Mellon conf.d
|
|
|
8f4470 |
config file or inside your virtual host config (diagnostics are per
|
|
|
8f4470 |
server instance)::
|
|
|
8f4470 |
|
|
|
8f4470 |
MellonDiagnosticsEnable On
|
|
|
8f4470 |
|
|
|
8f4470 |
.. NOTE::
|
|
|
8f4470 |
Some versions of the Mellon User Guide have a typo in the name of
|
|
|
8f4470 |
this directive, it incorrectly uses ``MellonDiagnosticEnable``
|
|
|
8f4470 |
instead of ``MellonDiagnosticsEnable``. The difference is
|
|
|
8f4470 |
Diagnostics is plural.
|
|
|
8f4470 |
|
|
|
8f4470 |
The Apache ``error_log`` will contain a message indicating how it
|
|
|
8f4470 |
processed the ``MellonDiagnosticsEnable`` directive. If you loaded the
|
|
|
8f4470 |
standard module without diagnostics you'll see a message like this::
|
|
|
8f4470 |
|
|
|
8f4470 |
MellonDiagnosticsEnable has no effect because Mellon was not
|
|
|
8f4470 |
compiled with diagnostics enabled, use
|
|
|
8f4470 |
./configure --enable-diagnostics at build time to turn this
|
|
|
8f4470 |
feature on.
|
|
|
8f4470 |
|
|
|
8f4470 |
If you've loaded the diagnostics version of the module you'll see a
|
|
|
8f4470 |
message in the ``error_log`` like this::
|
|
|
8f4470 |
|
|
|
8f4470 |
mellon diagnostics enabled for virtual server *:443
|
|
|
8f4470 |
(/etc/httpd/conf.d/my_server.conf:7)
|
|
|
8f4470 |
ServerName=https://my_server.example.com:443, diagnostics
|
|
|
8f4470 |
filename=logs/mellon_diagnostics
|