saslauthd performance anxiety

Paul M Fleming pfleming at siumed.edu
Fri Jan 10 10:23:39 EST 2003


My current thinking is to use 

http://www.ossp.org/pkg/lib/mm/ for the shared memory stuff
and
http://256.com/sources/table/ for the hash table

I haven't had a chance to look at:

ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/krbdirp-1.2.0.tar.gz

yet


Igor Brezac wrote:
> 
> On Thu, 9 Jan 2003, Jeremy Rumpf wrote:
> 
> >
> > On Thursday 09 January 2003 03:55 pm, Paul M Fleming wrote:
> > > Timing out the passwords is simple (I think). I would store the time
> > > when the entry is added and force a reauth if the password has been
> > > cached longer than a timeout (for example one hour). That forces a
> > > reauth at least every timeout period of time. If an entry isn't in the
> > > cache (or if it is different the entry would be removed and) a reauth
> > > would be forced. Every successful auth would be added to the cache.
> > >
> >
> > Some time ago I wrote a plugin for the Netscape/iPlanet Directory server that
> > intercepted bind authentications and passed them off to a kerberos backend.
> > It allowed us to integrate LDAP services with our Kerberos environment.
> > Anyhow, it implemented just this, with the timeouts and all. I also
> > implemented a checkpoint feature where the hash table was periodically dumped
> > to a file. That way if you restarted the LDAP server you wouldn't lose your
> > cached entries. You can grab a copy of the plugin at:
> >
> > ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/krbdirp-1.2.0.tar.gz
> >
> > Look in the file krbdirp.c, specifically at the function
> > validate_with_cache(). The text file CACHE also has some thoughts and ideas.
> >
> > The LDAP directory was used for an iPlanet mail setup to store user
> > information. The idea of the credential cache has worked quite well.
> > Implementing it for saslauthd would be a nice feature.
> >
> > I'd be more than willing to help/contribute to the effort.
> >
> > Cheers,
> > Jeremy
> >
> 
> I agree.  I know Simon would like this feature.  :)  OpenLDAP APIs have
> client side cache, but I think it has some issues.
> 
> saslauthd needs to remain a 'light' process.  It is really a helper
> program for 'big' servers such as cyrus, sendmail, postfix, etc.
> 
> You might want to check out http://www.ossp.org/pkg/lib/mm/ for a portable
> IPC library.
> 
> --
> Igor
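
The caching rules described in the quoted message (timestamp on insert, forced reauth after a timeout, drop on mismatch, add on every successful auth), as an added example that is not code from this thread, saslauthd or krbdirp. It is an in-process Python sketch; the `CredCache` class, the `backend` callable, the injectable `clock` and the choice to keep a salted PBKDF2 digest instead of the password are assumptions.

```python
import hashlib
import hmac
import os
import time

TIMEOUT = 3600  # seconds; the "one hour" example from the thread


class CredCache:
    """In-process sketch; the thread proposes shared memory plus a hash table."""

    def __init__(self, backend, timeout=TIMEOUT, clock=time.time):
        self.backend = backend      # callable(user, password) -> bool, the real check
        self.timeout = timeout
        self.clock = clock          # injectable so expiry can be tested
        self.entries = {}           # user -> (salt, digest, time_added)
        self.backend_calls = 0

    @staticmethod
    def _digest(salt, password):
        # Assumption: keep a salted PBKDF2 digest, never the cleartext password.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

    def _reauth(self, user, password):
        self.backend_calls += 1
        ok = self.backend(user, password)
        if ok:
            # Every successful auth is added, stamped with the time it was added.
            salt = os.urandom(16)
            self.entries[user] = (salt, self._digest(salt, password), self.clock())
        return ok

    def check(self, user, password):
        entry = self.entries.get(user)
        if entry is not None:
            salt, digest, added = entry
            fresh = self.clock() - added < self.timeout
            same = hmac.compare_digest(digest, self._digest(salt, password))
            if fresh and same:
                return True         # cache hit: backend not consulted
            del self.entries[user]  # expired or different: drop, then force reauth
        return self._reauth(user, password)


if __name__ == "__main__":
    users = {"alice": "s3cret"}     # constructed sample backend data
    cache = CredCache(lambda u, p: users.get(u) == p)
    print(cache.check("alice", "s3cret"), cache.check("alice", "s3cret"), cache.backend_calls)
```

Because a hit does not refresh the timestamp, a password changed or an account disabled at the backend is still accepted from the cache until the entry times out, so the timeout bounds that window.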



