Re: [PATCH v20] GSSAPI encryption support
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Stephen Frost <sfrost@snowman.net>
Cc: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>,
Alvaro Herrera <alvherre@2ndquadrant.com>,
David Steele <david@pgmasters.net>, Joe Conway <mail@joeconway.com>,
Magnus Hagander <magnus@hagander.net>,
Michael Paquier <michael@paquier.xyz>,
Nico Williams <nico@cryptonector.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>,
Robbie Harwood <rharwood@redhat.com>
Date: 2019-04-04T16:16:24Z
Lists: pgsql-hackers
I wrote: > Stephen Frost <sfrost@snowman.net> writes: >> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if >> there might be an issue related to the KDC wanting to get some amount of >> random data and the system you're on isn't producing random bytes very >> fast..? > Not sure. This is my usual development box and it also does mail, DNS, > etc for my household, so I'd expect it to have plenty of entropy. > But it's running a pretty old kernel, and old Kerberos too, so maybe > the explanation is in there somewhere. Same test on a laptop running Fedora 28 takes a shade under 5 seconds. The laptop has a somewhat better geekbench rating than my workstation, but certainly not 50x better. And I really doubt it's got more entropy sources than the workstation. Gotta be something about the kernel. Watching the test logs, I see that essentially all the time on the RHEL6 machine is consumed by the two # Running: /usr/sbin/kdb5_util create -s -P secret0 steps. Is there a case for merging the two scripts so we only have to do that once? Maybe not, if nobody else sees this. regards, tom lane
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited