[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: checkout performance

From: Juergen Richtsfeld <juergenr_at_segue.at>
Date: 2005-12-21 10:58:26 CET

as I'm evaluating subversion for a short time, i don't have lots of
experience with the authentication things. I suppose, I'll do it with
the static file at first (the simple http auth) and spend more time on
some ldap or kerberos authentication later.

> -----Original Message-----
> From: Richard Musil [mailto:richard.musil@gmail.com]
> Sent: Wednesday, December 21, 2005 10:18 AM
> To: users@subversion.tigris.org
> Subject: Re: checkout performance
>
> Now, while you are mentioning this, I recall I have seen on ethereal
> capture session that for each file there are two Kerberos
> authentication
> requests (I do not use keytab) - the first one failing.
>
> As far as SVN documentation goes, it seems to be desired
> behavior (auth
> check on each access).
>
> I thought that turning on KrbSaveCredentials for mod_auth_kerb might
> solve this, but I have not verified it afterwards. This
> should preserve
> credentials until the request is served - the question is, what is
> exactly one request from SVN point of view and whether there has to be
> special support for this feature from authz_svn module.
>
> Do you know how it is done in mod_auth_ldap? Does this module
> implement
> credentials caching on its own? And if yes, for how long?
>
> Richard
>
> Tony Butt wrote:
> > We run our server on a 2.8HGz Xeon processor running SuSE Enterprise
> > Linux 9, running apache2.0.49 and subversion 1.2.3.
> >
> > Our authentication system uses mod_auth_kerb to refer to a
> Windows 2000
> > domain controller, and authz_svn to control access to
> various parts of
> > the repository. There seems to be a bottleneck with the interaction
> > between mod_auth_krb and mod_authz_svn, where the authentication
> > information is not a cached, but checked for EACH FILE in
> the repository
> > that a transaction looks at.
> >
> > I found that something like 4 DNS lookups were also being performed
> > for each file, and fixed most of that by hardcoding IP
> addresses into
> > the krb.conf configuration file. This has reduced the
> server CPU load,
> > but checkouts and log operations are still much slower than we would
> > like, and something like 10x slower than using svn:
> protocol, with no
> > authz_svn (and no auth_kerb). We like mod_auth_kerb for the
> single sign
> > on ability it gives us, but the lack of credential caching is really
> > killing our performance. We have experimented with bdb and fsfs
> > backends, but found no definitive performance differences,
> so you might
> > be able to gain a little there, but not much.
> >
> > In all likelihood, your problems are related to authentication and
> > authorisation - maybe mod_auth_ldap would be better for you?
> >
> > Tony Butt
> >
> > CEA Technologies
> > Canberra, Australia
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun Dec 25 03:22:23 2005

This is an archived mail posted to the Subversion Users mailing list.