Fwd: mech_step takes long to return

[Aditya Khasnis]

Thank you for you suggestion Rudy, I changed the config.h as mentioned but the 
performance didn't improve.

It still takes a long in mech_step. Should I check anything else?

Regards,
Aditya

-----Original Message----- 
 Re: Fwd: mech_step takes long to return 
 From : Rudy Gevaert <Rudy.Gevaert at ugent.be> 
 To: aditya.khasnis at criticalpath.net 
 CC: cyrus-devel at lists.andrew.cmu.edu 
 Date: Tuesday 23 October 2007 17:44 


> Aditya Khasnis wrote:
> > Hello,
> >
> > We have a LDAP server that uses Cyrus SASL library v 1.5.27.
> >
> > On AIX 5.2, we observe that the SASL searches take long to return. The
> > behavior is such that the first SASL search that we fire returns fast but
> > the subsequent search takes long time to return.
> >
> > I have tried to debug SASL library and in the place where it takes long
> > is the function sasl_server_start(), and exact location is line 1205.
> >
> > It will be great if you great if you could provide us any guidance to
> > debug the problem. The mechanism we are using in the search is
> > DIGEST-MD5.
>
> Slowdown in Sasl is most of the time related to the lack of entropy.
>
> Q: I'm having performance problems on each authentication, there is a
> noticeable slowdown when sasl initializes, what can I do?
>
>      A:libsasl reads from /dev/random as part of its initialization.
> /dev/random is a "secure" source of entropy, and will block your
> application until a sufficient amount of randomness has been collected
> to meet libsasl's needs.
>
>      To improve performance, you can change DEV_RANDOM in config.h to be
> /dev/urandom and recompile libsasl. /dev/urandom offers less secure
> random numbers but should return immediately. The included mechanisms,
> besides OTP and SRP, use random numbers only to generate nonces, so
> using /dev/urandom is safe if you aren't using OTP or SRP.
>
> (http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html)