Has anyone setup a kerberos server on Linux? I've got one setup, but
it's really slow. Slow here is how long it takes apache to allow me to
edit files via webdav or when using subversion. In my previous job I had
apache setup to use mod_auth_kerb to do authentication and talk to a
windows AD server. This worked nicely and seemed to perform well. Now
I'm using the same setup, however I'm using a Linux kerberos server
instead and it's really slow. Around 6 seconds to just do an svn ls.
When I'm using webdav I see a number of propfind and get log entries in
the apache log and they're between 1 and 2 seconds apart. Looking at the
kdc log I see lots of entries created like this:
Aug 20 11:48:07 leech krb5kdc[25237](info): AS_REQ (7 etypes {18 17 16
23 1 3 2}) 128.33.251.52: ISSUE: authtime 1219250887, etypes {rep=16
tkt=16 ses=16}, jschewe at BUM for krbtgt/BUM at BUM
Any ideas as to why this is so slow?
I've found a patch for mod_auth_kerb that caches the authentication data
and that takes care of SVN, however I need group information for webdav,
so I'm using mod_authnz_external with pwauth and that's dog slow. So I
figure there is a problem with my kerberos server setup.
--
Jon Schewe | http://mtu.net/~jpschewe
If you see an attachment named signature.asc, this is my digital signature.
See http://www.gnupg.org for more information.
For I am convinced that neither death nor life, neither angels nor demons,
neither the present nor the future, nor any powers, neither height nor
depth, nor anything else in all creation, will be able to separate us from
the love of God that is in Christ Jesus our Lord. - Romans 8:38-39