saslauthd performance anxiety
Lawrence Greenfield
leg+ at andrew.cmu.edu
Sat Jan 4 15:16:24 EST 2003
--On Wednesday, January 01, 2003 9:21 PM -0500 Igor Brezac <igor at ipass.net>
wrote:
[...]
>> If you are on Solaris, I highly recommend the doors IPC method over the
>> UNIX socket method, since we began to see very bizarre problems under
>> load.
>
> You might run into problems if you use ldap api and doors, ldap module
> may not be thread safe. In addition, thread safe ldap libs need to be
> used when saslauthd-doors is built.
>
> I'd like to enhance saslauthd to use loopback interface at some point,
> this will solve the problem with unix sockets and you do not need to worry
> about thread safety.
Solaris doors are really the ideal form of IPC for saslauthd. They have the
problem that code has to be thread-safe and thus it isn't for everybody,
but for high performance sites it really is a good deal.
Using the loopback interface will probably cause more people to raise
security flags (as it is, people seem to worry about saslauthd and Unix
sockets, which have much more obvious access control).
Larry
More information about the Info-cyrus
mailing list