Fwd: mech_step takes long to return

Aditya Khasnis aditya.khasnis at criticalpath.net
Tue Oct 23 23:49:00 EDT 2007 

Thanks for your inputs Michael. I will try out a few things and let you know 
how it goes.

Regards,
Adi

-----Original Message----- 
 Re: Fwd: mech_step takes long to return 
 From : Michael Bacon <baconm at email.unc.edu> 
 To: aditya.khasnis at criticalpath.net, Rudy Gevaert <Rudy.Gevaert at ugent.be> 
 CC: cyrus-devel at lists.andrew.cmu.edu 
 Date: Tuesday 23 October 2007 21:39 


> It looks like AIX 5.2 has a new implementation of /dev/urandom, and that
> other applications are seeing slowness in the device:
>
> http://www.webservertalk.com/archive92-2004-5-151843.html
>
> Not much that SASL can do if the OS won't give it randomness quickly.
>
> -Michael
>
> --On Tuesday, October 23, 2007 5:59 PM +0530 Aditya Khasnis
>
> <aditya.khasnis at criticalpath.net> wrote:
> > Thank you for you suggestion Rudy, I changed the config.h as mentioned
> > but the  performance didn't improve.
> >
> > It still takes a long in mech_step. Should I check anything else?
> >
> > Regards,
> > Aditya
> >
> > -----Original Message-----
> >  Re: Fwd: mech_step takes long to return
> >  From : Rudy Gevaert <Rudy.Gevaert at ugent.be>
> >  To: aditya.khasnis at criticalpath.net
> >  CC: cyrus-devel at lists.andrew.cmu.edu
> >  Date: Tuesday 23 October 2007 17:44
> >
> >> Aditya Khasnis wrote:
> >> > Hello,
> >> >
> >> > We have a LDAP server that uses Cyrus SASL library v 1.5.27.
> >> >
> >> > On AIX 5.2, we observe that the SASL searches take long to return. The
> >> > behavior is such that the first SASL search that we fire returns fast
> >> > but the subsequent search takes long time to return.
> >> >
> >> > I have tried to debug SASL library and in the place where it takes
> >> > long is the function sasl_server_start(), and exact location is line
> >> > 1205.
> >> >
> >> > It will be great if you great if you could provide us any guidance to
> >> > debug the problem. The mechanism we are using in the search is
> >> > DIGEST-MD5.
> >>
> >> Slowdown in Sasl is most of the time related to the lack of entropy.
> >>
> >> Q: I'm having performance problems on each authentication, there is a
> >> noticeable slowdown when sasl initializes, what can I do?
> >>
> >>      A:libsasl reads from /dev/random as part of its initialization.
> >> /dev/random is a "secure" source of entropy, and will block your
> >> application until a sufficient amount of randomness has been collected
> >> to meet libsasl's needs.
> >>
> >>      To improve performance, you can change DEV_RANDOM in config.h to be
> >> /dev/urandom and recompile libsasl. /dev/urandom offers less secure
> >> random numbers but should return immediately. The included mechanisms,
> >> besides OTP and SRP, use random numbers only to generate nonces, so
> >> using /dev/urandom is safe if you aren't using OTP or SRP.
> >>
> >> (http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html)

More information about the Cyrus-devel mailing list