Fwd: mech_step takes long to return
Aditya Khasnis
aditya.khasnis at criticalpath.net
Tue Oct 23 08:29:12 EDT 2007
Thank you for you suggestion Rudy, I changed the config.h as mentioned but the
performance didn't improve.
It still takes a long in mech_step. Should I check anything else?
Regards,
Aditya
-----Original Message-----
Re: Fwd: mech_step takes long to return
From : Rudy Gevaert <Rudy.Gevaert at ugent.be>
To: aditya.khasnis at criticalpath.net
CC: cyrus-devel at lists.andrew.cmu.edu
Date: Tuesday 23 October 2007 17:44
> Aditya Khasnis wrote:
> > Hello,
> >
> > We have a LDAP server that uses Cyrus SASL library v 1.5.27.
> >
> > On AIX 5.2, we observe that the SASL searches take long to return. The
> > behavior is such that the first SASL search that we fire returns fast but
> > the subsequent search takes long time to return.
> >
> > I have tried to debug SASL library and in the place where it takes long
> > is the function sasl_server_start(), and exact location is line 1205.
> >
> > It will be great if you great if you could provide us any guidance to
> > debug the problem. The mechanism we are using in the search is
> > DIGEST-MD5.
>
> Slowdown in Sasl is most of the time related to the lack of entropy.
>
> Q: I'm having performance problems on each authentication, there is a
> noticeable slowdown when sasl initializes, what can I do?
>
> A:libsasl reads from /dev/random as part of its initialization.
> /dev/random is a "secure" source of entropy, and will block your
> application until a sufficient amount of randomness has been collected
> to meet libsasl's needs.
>
> To improve performance, you can change DEV_RANDOM in config.h to be
> /dev/urandom and recompile libsasl. /dev/urandom offers less secure
> random numbers but should return immediately. The included mechanisms,
> besides OTP and SRP, use random numbers only to generate nonces, so
> using /dev/urandom is safe if you aren't using OTP or SRP.
>
> (http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html)
More information about the Cyrus-devel
mailing list