Jeremy, This stuff looks great and with a limited user sample (10) the performance improvement was almost 100 fold. Keep in mind, this is my first crack at it. I am using Solaris 9. I am getting the following error
# ./saslcache -s could not attach shared memory segment: 1200 shmat: Invalid argument It is likely I need to adjust shared memory params. I'll let you know what I find. One more note, can you make the changes against the cvs version? -Igor On Tue, 14 Jan 2003, Jeremy Rumpf wrote: > All, > > I've been working on combining some of the ideas for a credential caching > layer into saslauthd. This is the first release for review/comments/testing. > > Changes: > > Three files have been added to the saslauthd package: > > cache.c > cache.h > README.cache > saslcache.c > > Four files have been modified > > Makefile.am > Makefile.in > saslauthd-doors.c > saslauthd-unix.c > > The saslauthd executable now accepts three new command line switches. > > -c Enables the credential cache > -s Sets the size of the credential cache in kilobytes > -t Sets the timeout of items in the credential cache in seconds > > A show_usage() function has been added that dumps all possible options out > when an invalid command line switch is found: > > ./saslauthd: invalid option -- - > usage: saslauthd [options] > > option information: > -a <authmech> Selects the authentication mechanism to use. > -c Enable credential caching. > -d Enables debugging, run in the foreground. > -O <option> Optional argument to pass to the authentication > mechanism. > -m <path> Alternate path for the mux socket, must be absolute. > -n <threads> Number of worker threads to create > -s <kilobytes> Size of the credential cache (in kilobytes) > -t <seconds> Timeout for items in the credential cache (in seconds) > -T Honor time-of-day login restrictions. > -v Display version information and available > authentication mechanisms and exit. > > > The caching layer caches the username, realm, service, and an md5 hash of the > passwords for all authentication mechanisms (LDAP, rimap, PAM, etc). It's > been tested it on RedHat 7.2 Alpha and RedHat 7.3 Intel. I've also only been > able to compile the modifications using the unix IPC option > (saslauthd-unix.c). The same modifications have been made to the doors IPC > option (saslauthd-doors.c), but have not been compiled or tested. More > detailed information about the cache is in the README.cache file. > > In addition to testsaslauthd, a second utility is included, saslcache. The > saslcache utility can be used to attach to the shared memory segment and > perform various tasks. The saslcache utility can be built by: > > cd saslauthd > make saslcache > > Usage examples: > > ./saslcache -s dumps out some information about the cache > > ---------------------------------------- > Saslauthd Cache Detail: > > timeout (seconds) : 28800 > total slots allocated : 3643 > slots in use : 3 > total buckets : 21858 > buckets per slot : 6 > buckets in use : 3 > hash table size (bytes) : 2098536 > bucket size (bytes) : 96 > minimum slot allocation : 0 > maximum slot allocation : 1 > slots at maximum allocation : 3 > slots at minimum allocation : 3640 > overall hash table load : 0.00 > > hits* : 19 > misses* : 3 > total lookup attempts* : 22 > hit ratio* : 86.36 > ---------------------------------------- > * May not be completely accurate > ---------------------------------------- > > ./saslcache -d dumps the contents of the cache in a csv format > > "user","realm","service","created","created_localtime" > "m3","","imap","1042513583","Mon Jan 13 22:06:23 2003" > "m2","","imap","1042513256","Mon Jan 13 22:00:56 2003" > "m1","","imap","1042513355","Mon Jan 13 22:02:35 2003" > > > ./saslcache -f purges/deletes all entries in the cache > > 21858 entries purged > > Todo: > > Test the doors IPC stuff. > Test on alternate OSs (only linux so far) > Have someone help with the autoconf stuff. I'm not very familiar with autoconf > and modeled the modifications after those for testsaslauthd. I'm not sure if > they're entirely correct. > > For testing one should probably run saslauthd with the -d switch. The cache > will log information to syslog (LOG_INFO|LOG_AUTH). Optionally, one could use > the saslcache utility. > > Log Example: > > saslauthd[27772]: cache_lookup: user=m2 realm= service=imap: not found, entry > created > saslauthd[27772]: OK: user=m2 service=imap realm= > saslauthd[27772]: cache_lookup: user=m2 realm= service=imap: found with valid > passwd > saslauthd[27772]: OK: user=m2 service=imap realm= > saslauthd[20673]: cache_lookup: user=m2 realm= service=imap: found with > invalid passwd, passwd synced > saslauthd[20673]: cache_purge : prior lookup purged > saslauthd[20673]: AUTHFAIL: user=m2 service=imap realm= > > > Anyhow, if anyone wants to give it a whirl. Here's a first patch attempt > against cyrus-sasl-2.1.10: > > >ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/cyrus-sasl/cyrus-sasl-2.1.10-cache-1.patch > > Or, a fully patched tar of cyrus-sasl-2.1.10 at: > > >ftp://ftp.net.ohio-state.edu/pub/users/jrumpf/cyrus-sasl/cyrus-sasl-2.1.10-cache-1.tar.gz > > > Feedback welcome... > > Cheers, > Jeremy > > > > -- Igor
