hi Markus, Thanks for your quick response and the information! "export KRB5RCACHETYPE=none" in squid init script did the job, high cpu usage is gone. Squid Version is 2.7Stable6, Requests per second are about 20 average, i don´t know if this is low, medium or high squid load, i would guess low :) Thanks again for your help! Regards jay -------- Original-Nachricht -------- > Datum: Wed, 24 Jun 2009 20:25:59 +0100 > Von: "Markus Moeller" <huaraz@xxxxxxxxxxxxxxxx> > An: squid-users@xxxxxxxxxxxxxxx > Betreff: Re: squid_kerb_auth high CPU usage > BTW What is your request/sec rate so that I can judge better if it is a > general low, medium or high squid load ? > > Thank you > Markus > > "J.J." <jayjayjay@xxxxxx> wrote in message > news:20090624140826.52200@xxxxxxxxxx > > hi Everybody! > > > > i have a problem with authentication helper squid_kerb_auth. > > It's consuming too much CPU. 15 min Load average from the squid server > is > > about 5, 5 min average peaks upto 13, see top output > > > > top - 13:48:13 up 15:45, 5 users, load average: 8.23, 6.21, 4.85 > > Tasks: 175 total, 2 running, 173 sleeping, 0 stopped, 0 zombie > > Cpu(s): 11.0%us, 25.6%sy, 0.0%ni, 45.6%id, 16.3%wa, 0.2%hi, 1.3%si, > > 0.0%st > > Mem: 2073876k total, 2020008k used, 53868k free, 251548k buffers > > Swap: 2031608k total, 640k used, 2030968k free, 1029856k cached > > > > The Cache serves about 350 Users, OS is Fedora 10. > > > > From stracing a helper process i saw its opening/writing/reading from > and > > to "/var/tmp/HTTP_501" , which is a 150-200k file, growing and shrinking > > all the time, containing all the Usernames a few times. > > > > Kerberos as itself works as intended. I already changed number of helper > > childs, did not help. > > > > I found no suspicious alerts in the cache log or other system logs, just > > high CPU Usage. > > > > Does anybody know if this behaviour is OK, or how to debug it? > > > > This HTTP_501 file, which contains every Username more than redundant, > > also makes me curious, as HTTP 501 is error code for "not implemented" > > > > Anybody with Kerberos Config here that can help me with this? > > > > Thanks! > > > > Regards > > > > jay > > > > > > ---krb5.conf > > > > [logging] > > default = SYSLOG:VERBOSE:USER > > > > [libdefaults] > > default_realm = XXXX > > dns_lookup_realm = false > > dns_lookup_kdc = false > > default_keytab_name = FILE:/etc/krb5.keytab > > clockskew = 300 > > > > ... > > > > [appdefaults] > > pam = > > { > > debug = false > > ticket_lifetime = 36000 > > renew_lifetime = 36000 > > forwardable = true > > krb4_convert = false > > } > > > > -- > > GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! > > Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01 > > > -- GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
