RE: Cyrus, Solaris 10, ZFS? (and NIS?)

> -----Original Message-----
> From: info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx [mailto:info-cyrus-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Michael Loftis
> Sent: Thursday, October 05, 2006 5:37 PM
> To: Chaskiel M Grundman; betsys@xxxxxxxxxxxxxxx
> Cc: info-cyrus@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: Cyrus, Solaris 10, ZFS? (and NIS?)
>
> --On October 5, 2006 4:46:54 PM -0400 Chaskiel M Grundman
> <cg2v@xxxxxxxxxxxxxx> wrote:
>
> > mynewstate is taking 8s to run, and very little of the time is taken up
> > in local subroutines.
> > auth_unix.c:mynewstate calls getpwnam, and then iterates over all the
> > groups using getgrent(), checking to see what groups the user is in.
> > The fact that imapd does this twice might be a bug, but even if it
> > didn't do it twice, it would still be slow.
> >
> > Is running "getent group" slow?
> 
> We had to patch this out of our Cyrus frontends using LDAP as well because
> it iterates instead of retrieves.  We just decided not to support groups
> in the ACLs.
>
> I'd suspect this is exactly what's going on if this code is still there in
> latest Cyrus and it's building the ACL representation.  If you don't care
> about groups you can find, and remove, that code as we did.

Cyrus already deals with this deficiency: unix_group_enable: 0 (not really
Cyrus's fault).  There is at least one other and more effective way to
implement group ACLs, especially if you use LDAP via pts.  See man imapd.conf
(unfortunately there is not much more documentation than that).
 
-Igor

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
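
The difference between iterating and retrieving that the thread describes, as an added example that is not Cyrus code and not part of the original messages. The function names are hypothetical, and `getgrouplist()` is a glibc/BSD extension assumed to be available here; it may be missing on the Solaris 10 systems under discussion.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Pattern described in the thread: walk the entire group database and scan
 * each member list. Cost grows with the directory size, not the user's groups. */
int groups_by_iteration(const char *user, gid_t *out, int max)
{
    struct passwd *pw = getpwnam(user);
    struct group *gr;
    gid_t primary;
    int n = 0;

    if (pw == NULL || max < 1)
        return -1;                      /* unknown user or no room */
    primary = pw->pw_gid;               /* copy: pw points at static storage */
    out[n++] = primary;
    setgrent();
    while ((gr = getgrent()) != NULL) { /* one fetch per group in NIS/LDAP */
        if (gr->gr_gid == primary)
            continue;
        for (char **m = gr->gr_mem; m != NULL && *m != NULL; m++)
            if (strcmp(*m, user) == 0) {
                if (n < max)
                    out[n++] = gr->gr_gid;
                break;
            }
    }
    endgrent();
    return n;
}

/* Direct retrieval: ask the name service for this one user's groups. */
int groups_by_lookup(const char *user, gid_t *out, int max)
{
    struct passwd *pw = getpwnam(user);
    int n = max;

    if (pw == NULL || getgrouplist(user, pw->pw_gid, out, &n) == -1)
        return -1;                      /* unknown user or more than max groups */
    return n;
}

int main(void)
{
    gid_t a[64], b[64];
    printf("iteration: %d, lookup: %d\n",
           groups_by_iteration("root", a, 64), groups_by_lookup("root", b, 64));
    return 0;
}
```

Timing both functions against a large NIS or LDAP group map shows whether enumeration is the bottleneck before deciding to set `unix_group_enable: 0`.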
