[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd



man saslauthd

My setup for example. kerb5 checking, 8 threads, 2Mb hash table, 1 hour
timeout, cache enabled

/usr/sbin/saslauthd -a kerberos5 -n 8 -s 2048 -t 3600 -c

from one of my mail servers for example

./saslcache
----------------------------------------
Saslauthd Cache Detail:

  timeout (seconds)           :  3600
  total slots allocated       :  3803
  slots in use                :  108
  total buckets               :  22818
  buckets per slot            :  6
  buckets in use              :  351
  hash table size (bytes)     :  2099548
  bucket size (bytes)         :  92
  minimum slot allocation     :  0
  maximum slot allocation     :  6
  slots at maximum allocation :  25
  slots at minimum allocation :  3695
  overall hash table load     :  0.03

  hits*                       :  12600
  misses*                     :  3872
  total lookup attempts*      :  16472
  hit ratio*                  :  76.49
  flock failures*             :  0
----------------------------------------
* May not be completely accurate
----------------------------------------


Allan Streib wrote:
> 
> On Friday, October 17, 2003, at 03:54 PM, Paul M Fleming wrote:
> 
> > I would also add.. A comment was made about performance. The latest
> > version of saslauthd (v2) supports a caching layer that makes a HUGH
> > difference in speed. We allow credentials to be cached for 1 hour which
> > means only 1 TGT request gets generated each hour then saslauthd caches
> > the results. If you support lots of simple binds via saslauthd
> > (protected by SSL of course) or Cyrus IMAP connections via SSL like we
> > do it makes a BIG difference.
> 
> Does this happen by default or is it configurable somewhere?  This
> could help us a lot.
> 
> Allan