As HTTP is a relatively stateless protocol, each request generates an authentication attempt. While this is cheap when authenticating against dbm or htpasswd files, it can get very expensive when running against a Windows domain controller, ACE server, or other networked database, particularly on image-rich pages and FancyIndexes from mod_autoindex.
mod_authenticache provides a secure method of caching credentials in order to more efficiently serve in these situations.
mod_authenticache hooks into the start of the authentication/authorization stage of the HTTP transaction. Once a user has been authenticated by another module, mod_authenticache gives the user a cryptographically signed ticket containing a unique identifier for the resource, the authenticated user name, the time s/he was authenticated, and a string representation of the user's IP address.
On subsequent requests, until a configurable timeout, the user presents the ticket. After verifying the signature, making sure the ticket has not expired, and determining that the ticket came from the originating IP address, the user is authenticated to Apache and control passes to the next stage of the transaction, bypassing the networked authenticator.
# tar -zxf mod_authenticache-2.0.8.tar.gz
# cd mod_authenticache-2.0.8
# make install
LoadModule authenticache_module /path/to/mod_authenticache.so
# grep -i LoadModule /path/to/httpd.conf |tail -1
# apachectl restart
Authenticache Off
AuthenticacheTTL 600
AuthenticacheMaxTTL 3600
AuthenticacheTicketName AuthentiCache
AuthenticacheTicketPath /
AuthenticacheVerifyIP Off