On Sun, Nov 11, 2012 at 8:50 PM, Greg Hudson <[email protected]> wrote:
> On 11/11/2012 04:40 PM, Danny Thomas wrote: > > kadmind hits 100% CPU when load-testing with <100 simulated clients. > > For password changes, kadmind has to run the string-to-key algorithm on > the new password for each enctype in supported_enctypes (which defaults > to AES-256, AES-128, DES3, and RC4). The string-to-key algorithm for > the AES enctypes is deliberately slow in order to make dictionary > attacks harder. I believe this operation is swamping any other > performance bottlenecks. > > I would want to see the profile data before I made any recommendation. " premature optimization is the root of all evil " In my experience even when you know the code base extremely well, you can often be quite wrong about where the time is actually spent. - Booker C. Bense ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
