[PATCH][saslauthd] cyrus-sasl-2.1.10/saslauthd credential caching

Igor Brezac igor at ipass.net
Tue Jan 14 23:36:05 EST 2003


Jeremy,

This stuff looks great and with a limited user sample (10) the performance
improvement was almost 100 fold.  Keep in mind, this is my first crack at
it.  I am using Solaris 9.  I am getting the following error:

# ./saslcache -s
could not attach shared memory segment: 1200
shmat: Invalid argument

It is likely I need to adjust shared memory params.  I'll let you know
what I find.

One more note, can you make the changes against the cvs version?

-Igor

On Tue, 14 Jan 2003, Jeremy Rumpf wrote:

> All,
>
> I've been working on combining some of the ideas for a credential caching
> layer into saslauthd. This is the first release for review/comments/testing.
>
> Changes:
>
> Three files have been added to the saslauthd package:
>
>  cache.c
>  cache.h
>  README.cache
>  saslcache.c
>
> Four files have been modified
>
>  Makefile.am
>  Makefile.in
>  saslauthd-doors.c
>  saslauthd-unix.c
>
> The saslauthd executable now accepts three new command line switches.
>
> -c	Enables the credential cache
> -s	Sets the size of the credential cache in kilobytes
> -t	Sets the timeout of items in the credential cache in seconds
>
> A show_usage() function has been added that dumps all possible options out
> when an invalid command line switch is found:
>
> ./saslauthd: invalid option -- -
> usage: saslauthd [options]
>
> option information:
>   -a <authmech>  Selects the authentication mechanism to use.
>   -c             Enable credential caching.
>   -d             Enables debugging, run in the foreground.
>   -O <option>    Optional argument to pass to the authentication
>                  mechanism.
>   -m <path>      Alternate path for the mux socket, must be absolute.
>   -n <threads>   Number of worker threads to create
>   -s <kilobytes> Size of the credential cache (in kilobytes)
>   -t <seconds>   Timeout for items in the credential cache (in seconds)
>   -T             Honor time-of-day login restrictions.
>   -v             Display version information and available
>                  authentication mechanisms and exit.
>
>
> The caching layer caches the username, realm, service, and an md5 hash of the
> passwords for all authentication mechanisms (LDAP, rimap, PAM, etc). It's
> been tested on RedHat 7.2 Alpha and RedHat 7.3 Intel. I've also only been
> able to compile the modifications using the unix IPC option
> (saslauthd-unix.c). The same modifications have been made to the doors IPC
> option (saslauthd-doors.c), but have not been compiled or tested. More
> detailed information about the cache is in the README.cache file.
>
> In addition to testsaslauthd, a second utility is included, saslcache. The
> saslcache utility can be used to attach to the shared memory segment and
> perform various tasks. The saslcache utility can be built by:
>
> cd saslauthd
> make saslcache
>
> Usage examples:
>
> ./saslcache -s          dumps out some information about the cache
>
> ----------------------------------------
> Saslauthd Cache Detail:
>
>   timeout (seconds)           :  28800
>   total slots allocated       :  3643
>   slots in use                :  3
>   total buckets               :  21858
>   buckets per slot            :  6
>   buckets in use              :  3
>   hash table size (bytes)     :  2098536
>   bucket size (bytes)         :  96
>   minimum slot allocation     :  0
>   maximum slot allocation     :  1
>   slots at maximum allocation :  3
>   slots at minimum allocation :  3640
>   overall hash table load     :  0.00
>
>   hits*                       :  19
>   misses*                     :  3
>   total lookup attempts*      :  22
>   hit ratio*                  :  86.36
> ----------------------------------------
> * May not be completely accurate
> ----------------------------------------
>
> ./saslcache -d          dumps the contents of the cache in a csv format
>
> "user","realm","service","created","created_localtime"
> "m3","","imap","1042513583","Mon Jan 13 22:06:23 2003"
> "m2","","imap","1042513256","Mon Jan 13 22:00:56 2003"
> "m1","","imap","1042513355","Mon Jan 13 22:02:35 2003"
>
>
> ./saslcache -f          purges/deletes all entries in the cache
>
> 21858 entries purged
>
> Todo:
>
> Test the doors IPC stuff.
> Test on alternate OSs (only linux so far)
> Have someone help with the autoconf stuff. I'm not very familiar with autoconf
> and modeled the modifications after those for testsaslauthd. I'm not sure if
> they're entirely correct.
>
> For testing one should probably run saslauthd with the -d switch. The cache
> will log information to syslog (LOG_INFO|LOG_AUTH). Optionally, one could use
> the saslcache utility.
>
> Log Example:
>
> saslauthd[27772]: cache_lookup: user=m2 realm= service=imap: not found, entry created
> saslauthd[27772]: OK: user=m2 service=imap realm=
> saslauthd[27772]: cache_lookup: user=m2 realm= service=imap: found with valid passwd
> saslauthd[27772]: OK: user=m2 service=imap realm=
> saslauthd[20673]: cache_lookup: user=m2 realm= service=imap: found with invalid passwd, passwd synced
> saslauthd[20673]: cache_purge : prior lookup purged
> saslauthd[20673]: AUTHFAIL: user=m2 service=imap realm=
>
>
> Anyhow, if anyone wants to give it a whirl, here's a first patch attempt
> against cyrus-sasl-2.1.10:
>
> ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/cyrus-sasl/cyrus-sasl-2.1.10-cache-1.patch
>
> Or, a fully patched tar of cyrus-sasl-2.1.10 at:
>
> ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/cyrus-sasl/cyrus-sasl-2.1.10-cache-1.tar.gz
>
>
> Feedback welcome...
>
> Cheers,
> Jeremy
>
>
>
>

-- 
Igor
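
Added example (not part of the original thread or of the saslauthd patch): a small Python log check that pairs each cache_lookup line with the OK/AUTHFAIL verdict that follows it, so cache mismatches the backend also rejected can be counted per user. It assumes each syslog message is on one line (the mail wrapped them), that a verdict from the same pid and identity belongs to the preceding lookup, and that the sample lines, modelled on the log example above, are constructed.

```python
import re
from collections import Counter, defaultdict

# Message formats follow the log example quoted in the mail above.
LOOKUP = re.compile(
    r"saslauthd\[(?P<pid>\d+)\]: cache_lookup: user=(?P<user>\S*) "
    r"realm=(?P<realm>\S*) service=(?P<service>\S*): (?P<outcome>.+)$")
VERDICT = re.compile(
    r"saslauthd\[(?P<pid>\d+)\]: (?P<verdict>OK|AUTHFAIL): user=(?P<user>\S*) "
    r"service=(?P<service>\S*) realm=(?P<realm>\S*)$")

# Constructed sample: the first seven lines mirror the mail, the m1 pair is invented.
SAMPLE = """\
saslauthd[27772]: cache_lookup: user=m2 realm= service=imap: not found, entry created
saslauthd[27772]: OK: user=m2 service=imap realm=
saslauthd[27772]: cache_lookup: user=m2 realm= service=imap: found with valid passwd
saslauthd[27772]: OK: user=m2 service=imap realm=
saslauthd[20673]: cache_lookup: user=m2 realm= service=imap: found with invalid passwd, passwd synced
saslauthd[20673]: cache_purge : prior lookup purged
saslauthd[20673]: AUTHFAIL: user=m2 service=imap realm=
saslauthd[20673]: cache_lookup: user=m1 realm= service=imap: found with invalid passwd, passwd synced
saslauthd[20673]: OK: user=m1 service=imap realm=
""".splitlines()

def correlate(lines):
    """Pair each cache_lookup with the next verdict from the same pid and identity."""
    pending = {}                  # (pid, user, realm, service) -> cache outcome text
    stats = defaultdict(Counter)  # (user, realm, service) -> Counter of (outcome, verdict)
    for line in lines:
        line = line.strip()
        m = LOOKUP.search(line)
        if m:
            pending[(m["pid"], m["user"], m["realm"], m["service"])] = m["outcome"]
            continue
        m = VERDICT.search(line)
        if m:
            key = (m["pid"], m["user"], m["realm"], m["service"])
            outcome = pending.pop(key, "no cache_lookup seen")
            stats[key[1:]][(outcome, m["verdict"])] += 1
    return stats

def failed_guesses(stats, threshold=3):
    """Identities with >= threshold cache mismatches that the backend also rejected."""
    def bad(counter):
        return sum(n for (outcome, verdict), n in counter.items()
                   if outcome.startswith("found with invalid passwd") and verdict == "AUTHFAIL")
    return sorted(ident for ident, counter in stats.items() if bad(counter) >= threshold)
```

A mismatch followed by OK (the constructed m1 pair) is counted separately from a mismatch followed by AUTHFAIL, so a legitimate password change does not raise the failed-guess count.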




