Fwd: mech_step takes long to return
Rudy Gevaert
Rudy.Gevaert at UGent.be
Tue Oct 23 08:14:18 EDT 2007
Aditya Khasnis wrote:
> Hello,
>
> We have a LDAP server that uses Cyrus SASL library v 1.5.27.
>
> On AIX 5.2, we observe that the SASL searches take long to return. The
> behavior is such that the first SASL search that we fire returns fast but the
> subsequent search takes long time to return.
>
> I have tried to debug SASL library and in the place where it takes long is
> the function sasl_server_start(), and exact location is line 1205.
>
> It will be great if you could provide us any guidance to debug
> the problem. The mechanism we are using in the search is DIGEST-MD5.

Slowdown in SASL is most of the time related to the lack of entropy.

Q: I'm having performance problems on each authentication, there is a
noticeable slowdown when sasl initializes, what can I do?

A: libsasl reads from /dev/random as part of its initialization.
/dev/random is a "secure" source of entropy, and will block your
application until a sufficient amount of randomness has been collected
to meet libsasl's needs.
To improve performance, you can change DEV_RANDOM in config.h to be
/dev/urandom and recompile libsasl. /dev/urandom offers less secure
random numbers but should return immediately. The included mechanisms,
besides OTP and SRP, use random numbers only to generate nonces, so
using /dev/urandom is safe if you aren't using OTP or SRP.
(http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html)
--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734
Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office
Groep Systemen Systems group
Universiteit Gent Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
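
To check on a given host whether the blocking /dev/random read described in the quoted FAQ is what stalls, the following added example (not part of the original message or of Cyrus SASL) tries to read a fixed number of bytes from each device within a deadline. The function name `probe_random_source`, the 64-byte request and the 2000 ms deadline are assumptions chosen for illustration; it assumes a POSIX system with poll().

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: try to read `want` bytes from `path` within
 * `timeout_ms`. Returns the bytes obtained (fewer than `want` means the
 * source stalled), or -1 if the device could not be opened. */
long probe_random_source(const char *path, size_t want, int timeout_ms)
{
    unsigned char buf[256];
    size_t got = 0;
    struct timespec start, now;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    clock_gettime(CLOCK_MONOTONIC, &start);
    while (got < want) {
        clock_gettime(CLOCK_MONOTONIC, &now);
        long elapsed = (now.tv_sec - start.tv_sec) * 1000L +
                       (now.tv_nsec - start.tv_nsec) / 1000000L;
        if (elapsed >= timeout_ms)
            break;                      /* deadline reached */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)(timeout_ms - elapsed));
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0)
            break;                      /* timed out or poll failed */
        size_t chunk = want - got < sizeof buf ? want - got : sizeof buf;
        ssize_t n = read(fd, buf, chunk);
        if (n > 0)
            got += (size_t)n;
        else if (n == 0 || (errno != EAGAIN && errno != EINTR))
            break;
    }
    close(fd);
    return (long)got;
}

int main(void)
{
    const char *paths[] = { "/dev/random", "/dev/urandom" };
    for (int i = 0; i < 2; i++)         /* short count => source stalls */
        printf("%-13s %ld of 64 bytes within 2000 ms\n", paths[i],
               probe_random_source(paths[i], 64, 2000));
    return 0;
}
```

If /dev/random returns fewer bytes than requested while /dev/urandom returns the full amount, the host is short on entropy and the DEV_RANDOM change from the FAQ applies, subject to its OTP and SRP caveat.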