saslauthd performance

Igor Brezac igor at ipass.net
Tue Nov 16 11:02:05 EST 2004 

On Tue, 16 Nov 2004, Axel Grupe wrote:

> Igor Brezac wrote:
>
>> 
>> On Mon, 15 Nov 2004, Axel Grupe wrote:
>> 
>>> Hi,
>>> 
>>> I got performance problems with saslauth daemon. I`m using debian with 
>>> cyrus 2.1.16 and saslauthd 2.1.19 for authentication.
>>> The saslauthd is configured to use pam, which itself uses mysql for 
>>> password-verification.
>>> 
>>> I test the system with 50 perl-script in the background from another 
>>> machine, which makes continuous pop3-connections to my server.
>>> 
>>> So, the problem is, if I just take one user for the 
>>> perl-authentification-test,  cyrus or better the saslauthd can handle up 
>>> to 7000 queries per minute.
>>> But, if there isn`t only one user but rather 45.000 users, which will be 
>>> connected through the perl-scripts. The performance goes down to ~1000 
>>> queries per minute.
>>> I don`t think this causes of pam or mysql, because if saslauthd uses 
>>> directly ldap (just al little test of me) saslauthd just handles the same 
>>> (~1000) queries per minute.
>> 
>> 
>> If you want to test the speed of saslauthd alone, do not use pop3 to test 
>> the authentication.  It seems to me you are bound by the speed of 
>> cyrus-imapd rather than saslauthd.  saslauthd/ldap can do way more than 
>> 1000 auths per minute.
>> 
>>> Another test: if I use auxprop in cyrus with mysql, it goes at least down 
>>> to 150 queries per minute.
>>> 
>>> I fixed some params of saslauthd like -c, -n (0), -t  ... but it didn`t 
>>> get fast!!!
>> 
>> 
>> -n 0 will make it slower...
>> 
> Hey, you're right.
>
> I performed a test for my saslauthd, it makes 1000 authentications within ~ 
> 6,65 seconds (not bad!), and it still uses pam-> mysql.
> If I make the same test with saslauthd using ldap it goes "down" to ~ 6,625.

What is in your ldap saslauthd.conf?  My guess you use a default setup 
which uses ldap_auth_method: bind.  This is by far the worst for 
performance.

> In deed these where cached by saslauthd.
> When I restart saslauthd the performance is for mysql : ~ 11,22 and for ldap 
> ~14,72 seconds, which is in deed a little bit funny!
> But it doesn't matter because of  cyrus won't get that fast to come over 
> this.
> (at least i use this PARAMS="${PARAMS}  -n 5 -c -s 2048 -t 600 ")
>
> Thanks a lot, know it's time to tune cyrus!
>
>

-- 
Igor
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list