[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: kpasswd
man saslauthd
My setup for example. kerb5 checking, 8 threads, 2Mb hash table, 1 hour
timeout, cache enabled
/usr/sbin/saslauthd -a kerberos5 -n 8 -s 2048 -t 3600 -c
from one of my mail servers for example
./saslcache
----------------------------------------
Saslauthd Cache Detail:
timeout (seconds) : 3600
total slots allocated : 3803
slots in use : 108
total buckets : 22818
buckets per slot : 6
buckets in use : 351
hash table size (bytes) : 2099548
bucket size (bytes) : 92
minimum slot allocation : 0
maximum slot allocation : 6
slots at maximum allocation : 25
slots at minimum allocation : 3695
overall hash table load : 0.03
hits* : 12600
misses* : 3872
total lookup attempts* : 16472
hit ratio* : 76.49
flock failures* : 0
----------------------------------------
* May not be completely accurate
----------------------------------------
Allan Streib wrote:
>
> On Friday, October 17, 2003, at 03:54 PM, Paul M Fleming wrote:
>
> > I would also add.. A comment was made about performance. The latest
> > version of saslauthd (v2) supports a caching layer that makes a HUGH
> > difference in speed. We allow credentials to be cached for 1 hour which
> > means only 1 TGT request gets generated each hour then saslauthd caches
> > the results. If you support lots of simple binds via saslauthd
> > (protected by SSL of course) or Cyrus IMAP connections via SSL like we
> > do it makes a BIG difference.
>
> Does this happen by default or is it configurable somewhere? This
> could help us a lot.
>
> Allan