A generic credential caching module for Apache


As HTTP is a relatively stateless protocol, each request generates an authentication attempt. While this is cheap when authenticating against dbm or htpasswd files, it can get very expensive when running against a Windows domain controller, ACE server, or other networked database, particularly on image-rich pages and FancyIndexes from mod_autoindex.

mod_authenticache provides a secure method of caching credentials in order to more efficiently serve in these situations.


mod_authenticache hooks into the start of the authentication/authorization stage of the HTTP transaction. Once a user has been authenticated by another module, mod_authenticache gives the user a cryptographically signed ticket containing a unique identifier for the resource, the authenticated user name, the time s/he was authenticated, and a string representation of the user's IP address.

On subsequent requests, until a configurable timeout, the user presents the ticket. After verifying the signature, making sure the ticket has not expired, and determining that the ticket came from the originating IP address, the user is authenticated to Apache and control passes to the next stage of the transaction, bypassing the networked authenticator.


  1. Untar the sources:
  2. # tar -zxf mod_authenticache-2.0.8.tar.gz
  3. Change into the source directory:
    # cd mod_authenticache-2.0.8
  4. Install it:
  5. # make install
  6. Manually add the following as the last "LoadModule" line in httpd.conf:
  7. LoadModule authenticache_module /path/to/
  8. Verify that it is the last module loaded:
  9. # grep -i LoadModule /path/to/httpd.conf |tail -1
  10. Restart Apache:
  11. # apachectl restart

Configuration Directives: