Could you add the following to your squid startup script?

export KRB5RCACHETYPE=none

This should disable the cache and I don't think it is a big security risk. Could you report back if this improves the CPU load?

Thank you very much
Markus

"Markus Moeller" <hua...@moeller.plus.com> wrote in message news:h1ttrg$be...@ger.gmane.org...
Hi,

TBH I haven't yet had a chance to do performance testing of my helper. What you are seeing is the Kerberos replay protection cache. HTTP is part of the service principal and 501 is the uid of the process. Depending on the requests/sec it can be quite a bit, as each request will be authenticated. If I find time I will check which part of the helper is creating the load.

Regards
Markus

"J.J." <jayjay...@gmx.de> wrote in message news:20090624140826.52...@gmx.net...
Hi everybody!

I have a problem with the authentication helper squid_kerb_auth.
It's consuming too much CPU. The 15 min load average on the squid server is about 5, and the 5 min average peaks up to 13; see top output:

top - 13:48:13 up 15:45,  5 users,  load average: 8.23, 6.21, 4.85
Tasks: 175 total,   2 running, 173 sleeping,   0 stopped,   0 zombie
Cpu(s): 11.0%us, 25.6%sy, 0.0%ni, 45.6%id, 16.3%wa, 0.2%hi, 1.3%si, 0.0%st
Mem:   2073876k total,  2020008k used,    53868k free,   251548k buffers
Swap:  2031608k total,      640k used,  2030968k free,  1029856k cached

The Cache serves about 350 Users, OS is Fedora 10.

From stracing a helper process I saw it's opening/writing/reading from and to "/var/tmp/HTTP_501", which is a 150-200k file, growing and shrinking all the time, containing all the usernames a few times.

Kerberos itself works as intended. I already changed the number of helper children; it did not help.

I found no suspicious alerts in the cache log or other system logs, just high CPU Usage.

Does anybody know if this behaviour is OK, or how to debug it?

This HTTP_501 file, which contains every username more than redundant, also makes me curious, as HTTP 501 is the error code for "not implemented".

Anybody with Kerberos Config here that can help me with this?

Thanks!

Regards

jay


---krb5.conf

[logging]
default = SYSLOG:VERBOSE:USER

[libdefaults]
default_realm = XXXX
dns_lookup_realm = false
dns_lookup_kdc = false
default_keytab_name = FILE:/etc/krb5.keytab
clockskew = 300

...

[appdefaults]
pam =
{
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
