[cvsnt] Re: Slow authentication with cvsnt and sspi

Krogsgaard, Lotte LK518710 at teradata-ncr.com
Wed Mar 2 17:12:14 GMT 2005


RE: The group enumration shouldn't take more than a fraction of a second
normally.  It sounds like the connection to your domain controller is slow
for some reason... this will be slowing down any application that needs to
authenticate (plus NTFS access etc.) so it's well worth looking into.

- In my environment, the add_valid_group part takes more than 30 seconds -
adding about 30-40 groups, including 'Domain Users' several times.

Authentication when e.g. mounting a drive on the CVS NT server is much
faster - this does in fact take a fraction of a second. I was under the
impression that this should take a comparable amount of time, if the problem
was caused by the Domain Controller?

I don't have any other ideas - other than perhaps trying to create local
users and instruct people to use the same passwords as they do in the
Domain. Could that possibly speed up things?

Regards,
Lotte

-----Original Message-----
From: cvsnt-bounces at cvsnt.org [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of
Tony Hoyle
Sent: Wednesday, March 02, 2005 15:06 PM
To: cvsnt at cvsnt.org
Subject: [cvsnt] Re: Slow authentication with cvsnt and sspi

Krogsgaard, Lotte wrote:
> Domain users are supposedly being authenticated through the CVS group 
> + the appropriate directory settings, however, it has become 
> increasingly slow - not sure whether this may have been caused by an 
> update of the CVS product or some other event. I have traced the time 
> to be spent after 'checking local access token for groups' and I am 
> wondering exactly what is happening during 'add_valid_group'. Actually 
> authentication can be performed successfully through  the CVSUsers 
> group, which the (domain) user is a member of.  As can be seen from 
> the below trace 'Domain Users' are being added multiple times, and 
> this takes a lot of time. Does anyone have any ideas as to what can be
done to improve performance?

Adding groups multiple times is a consequence of nested group memberships...
it looks like your domain admin has added domain users to lots of different
groups (this is harmless though).

The group enumration shouldn't take more than a fraction of a second
normally.  It sounds like the connection to your domain controller is slow
for some reason... this will be slowing down any application that needs to
authenticate (plus NTFS access etc.) so it's well worth looking into.

Tony
_______________________________________________
cvsnt mailing list
cvsnt at cvsnt.org
http://www.cvsnt.org/cgi-bin/mailman/listinfo/cvsnt



More information about the cvsnt mailing list