Thank you for the reply Andrey.
I looked into it more realized that it was actually multiple DNS
requests caused by me using a FQDN for the KDC in my krb5.conf file. I
changed it to use the IP address of the KDC instead and everything has
sped up a great deal.
I'm thinking that I should ask the authors of the apache kerberos module
about this, and get their opinion on it.
Thanks again,
Derek.
On Wed, 2009-09-16 at 16:43 -0500, Andrey Repin wrote:
> Greetings, Hoffman, Derek A.!
>
> > Background: My server is using Kerberos to authenticate users
> against an
> > Active Directory server. Our typical repository contains 50 to 200
> mix
> > format files (e.g. word docs, excel, visio, bitmaps, text files,
> etc.).
>
> > Issue: There's a substantial delay when checking out, committing, or
> > updating. I believe Apache is doing a Kerberos authentication for
> EVERY
> > file within the repo when doing a checkout or commit.
>
> To my knowledge, this shouldn't be an issue, unless you separately
> requesting
> each file.
> Have no real experience with Apache/KRB auth, though...
>
> > Netstat on the svn
> > server shows a large number of connections to the AD Server in the
> > WAITING state. There is a slight delay (maybe 0.5s) for Kerberos
> > authentication (svn server is in a separate city from the AD server
> and
> > must traverse corporate WAN).
>
> > Question: Is there any sort of method that would allow the apache
> server
> > to cache these Kerberos authentications so that it wouldn't have to
> > perform an authentication request for every file?
>
>
> --
> WBR,
> Andrey Repin (anrdaemon_at_freemail.ru) 17.09.2009, <1:42>
>
> Sorry for my terrible english...
>
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2395788
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-09-17 04:04:29 CEST