[squid-users] kerberos authentication - performance tuning

From: guest01 <guest01_at_gmail.com>
Date: Wed, 9 Feb 2011 10:34:37 +0100

Hi,

We are currently using Squid 3.1.10 on RHEL5.5 and Kerberos
authentication for most of our clients (authorization with an ICAP
server). At the moment, we are serving approx 8000 users with two
servers. Unfortunately, we have performance troubles with our Kerberos
authentication. Load values are way tooooo high ...

10:19:58 up 16:14, 2 users, load average: 23.03, 32.37, 25.01
10:19:59 up 15:37, 2 users, load average: 58.97, 57.92, 47.73

Peak values have been >70 for the 5min interval. At the moment, there
are approx 400 hits/second (200 per server). We already disabled
caching on hard disk. Avg service time for Kerberos is up to 2500ms
(which is quite long).

Our Kerberos configuration looks pretty simple:
#KERBEROS
auth_param negotiate program /opt/squid/libexec/negotiate_kerberos_auth -s HTTP/fqdn -r
auth_param negotiate children 30
auth_param negotiate keep_alive on

Is there any way for further caching or something like that?

For testing purposes, we authenticated a certain subnet by IP and load
values decreased to <1. (Unfortunately, this is not possible because
every user gets a policy assigned by its username)

Any ideas, anyone? Are there any Kerberos-related benchmarks available
(could not find any)? Maybe this issue is not a problem, just a
limitation, and we have to add more servers?

Thanks!

best regards
Peter
Received on Wed Feb 09 2011 - 09:34:44 MST