Re: Fwd: mech_step takes long to return
Aditya Khasnis wrote: Hello, We have a LDAP server that uses Cyrus SASL library v 1.5.27. On AIX 5.2, we observe that the SASL searches take long to return. The behavior is such that the first SASL search that we fire returns fast but the subsequent search takes long time to return. I have tried to debug SASL library and in the place where it takes long is the function sasl_server_start(), and exact location is line 1205. It will be great if you great if you could provide us any guidance to debug the problem. The mechanism we are using in the search is DIGEST-MD5. Slowdown in Sasl is most of the time related to the lack of entropy. Q: I'm having performance problems on each authentication, there is a noticeable slowdown when sasl initializes, what can I do? A:libsasl reads from /dev/random as part of its initialization. /dev/random is a secure source of entropy, and will block your application until a sufficient amount of randomness has been collected to meet libsasl's needs. To improve performance, you can change DEV_RANDOM in config.h to be /dev/urandom and recompile libsasl. /dev/urandom offers less secure random numbers but should return immediately. The included mechanisms, besides OTP and SRP, use random numbers only to generate nonces, so using /dev/urandom is safe if you aren't using OTP or SRP. (http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html) -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert [EMAIL PROTECTED] tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office Groep SystemenSystems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Re: Fwd: mech_step takes long to return
Thank you for you suggestion Rudy, I changed the config.h as mentioned but the performance didn't improve. It still takes a long in mech_step. Should I check anything else? Regards, Aditya -Original Message- Re: Fwd: mech_step takes long to return From : Rudy Gevaert [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: cyrus-devel@lists.andrew.cmu.edu Date: Tuesday 23 October 2007 17:44 Aditya Khasnis wrote: Hello, We have a LDAP server that uses Cyrus SASL library v 1.5.27. On AIX 5.2, we observe that the SASL searches take long to return. The behavior is such that the first SASL search that we fire returns fast but the subsequent search takes long time to return. I have tried to debug SASL library and in the place where it takes long is the function sasl_server_start(), and exact location is line 1205. It will be great if you great if you could provide us any guidance to debug the problem. The mechanism we are using in the search is DIGEST-MD5. Slowdown in Sasl is most of the time related to the lack of entropy. Q: I'm having performance problems on each authentication, there is a noticeable slowdown when sasl initializes, what can I do? A:libsasl reads from /dev/random as part of its initialization. /dev/random is a secure source of entropy, and will block your application until a sufficient amount of randomness has been collected to meet libsasl's needs. To improve performance, you can change DEV_RANDOM in config.h to be /dev/urandom and recompile libsasl. /dev/urandom offers less secure random numbers but should return immediately. The included mechanisms, besides OTP and SRP, use random numbers only to generate nonces, so using /dev/urandom is safe if you aren't using OTP or SRP. (http://www.sendmail.org/~ca/email/cyrus2/sysadmin.html)
