Mailinglist Archive: opensuse-security (520 mails)
| < Previous | Next > |
Re[3]: [suse-security] NSCD
- From: Rob Epping <epping@xxxxxxxxxxx>
- Date: Tue, 19 Dec 2000 17:06:53 +0000
- Message-id: <20001219170653.B17542@xxxxxxxxxxxxxxxxxxxx>
On Tue, Dec 19, 2000 at 04:12:25AM +0100, Roman Drahtmueller wrote:
> > >
> > > To not be completely off topic: Who uses NIS these days? I don't know
> > > anyone ... If it's not popular, then why is it enabled as default?
> >
> > Large organizations tend to, universities/companies. Is it popular,
> > hell no, neither are wisdom teeth extractions either but it has to be
> > done =). As for enabled by default, yeah, why is it Roman/Marc/Tom?
>
> You guys should try to run 30000 or even 600000 users on a single box and
> see the performance drop to zero. :-) It's just not possible without nscd,
> whereas the overhead that results from the socket operations is a bit more
> than what results from the Solaris doors mechanism.
> Anyway, START_NSCD is set to "yes" by default because the nscd has become
> a basic ingredient of the library space. Some other things like nis+ or
> ldap don't work without nscd. Killing/disabling it doesn't really make
> sense because it's very inexpensive: around 600-900 kB for one single
> process (keep in mind that it's multithreaded).
Well i think most of us do not run 30000 or even 600000 users at all and if
you do, then there are that many other speed related problems to solve.
This amount of users needs a lot of tuning and i think installing a
program like NSCD is or should be part of that tuning. I personaly run
SuSE on a web-servers and have NSCD turned of. The reason is that i only
read difficulties of NSCD and every pogram adds a security risc.
Just my 2 (euro-)cents.
GRTNX,
RobJE
--
Home is where my keyboard is.
======================================================================
Tel: +31 - 317 - 423300 s-mail: P.O. box 617
Fax: +31 - 317 - 423164 6700 AP Wageningen
MailTo: r.epping@xxxxxxx WWW: http://www.weer.nl/
> > >
> > > To not be completely off topic: Who uses NIS these days? I don't know
> > > anyone ... If it's not popular, then why is it enabled as default?
> >
> > Large organizations tend to, universities/companies. Is it popular,
> > hell no, neither are wisdom teeth extractions either but it has to be
> > done =). As for enabled by default, yeah, why is it Roman/Marc/Tom?
>
> You guys should try to run 30000 or even 600000 users on a single box and
> see the performance drop to zero. :-) It's just not possible without nscd,
> whereas the overhead that results from the socket operations is a bit more
> than what results from the Solaris doors mechanism.
> Anyway, START_NSCD is set to "yes" by default because the nscd has become
> a basic ingredient of the library space. Some other things like nis+ or
> ldap don't work without nscd. Killing/disabling it doesn't really make
> sense because it's very inexpensive: around 600-900 kB for one single
> process (keep in mind that it's multithreaded).
Well i think most of us do not run 30000 or even 600000 users at all and if
you do, then there are that many other speed related problems to solve.
This amount of users needs a lot of tuning and i think installing a
program like NSCD is or should be part of that tuning. I personaly run
SuSE on a web-servers and have NSCD turned of. The reason is that i only
read difficulties of NSCD and every pogram adds a security risc.
Just my 2 (euro-)cents.
GRTNX,
RobJE
--
Home is where my keyboard is.
======================================================================
Tel: +31 - 317 - 423300 s-mail: P.O. box 617
Fax: +31 - 317 - 423164 6700 AP Wageningen
MailTo: r.epping@xxxxxxx WWW: http://www.weer.nl/
| < Previous | Next > |