On Mon, 16 Sep 2002 [EMAIL PROTECTED] wrote: > >(Slide 11) > >Technically, you can have administrative accounts other than > >"cyrus". And you can change the access right required to delete folders > >with the deleteright flag. > > True, but again a little deeper than I want to go. It has to fit in 45 > minutes. :)
Yeah, I wasn't sure how much detail you wanted ;) > > - SASLdb is not the only way of storing shared secrets, and there are > > other mechanisms that can use them (SRP, OTP) > > Right, but seems more fitting for a presentation on SASL itself. Yes. But this can often be a source of confusion (especially with confusion between sasldb and auxprop), but again, more detail than you probably need. > >(Slide 16) > >- "-n 5" is probably low for a reasonably high traffic site. > > I've got about 200 users, if there should be more threads will authentication > fail or just be really slow? Authentication will start to fail (atleast when using unix domain sockets), because the saslauthd listen queue will fill up. I don't believe the doors IPC mechanism has this problem, since it allocates threads dynamicly (though you need to be on Solaris). Though, with only 200 users I doubt you have much to worry about unless they all decide to log in at once, in which case you'll crush the machine just fork()ing that much. A good guess for the number of threads you want is about 1.5 x the average number of connections you see in a second, which errs slightly on the high side. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
