New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kcm: add GET_CRED_LIST for faster iteration #5546
Conversation
This file was copied from MIT Kerberos code, but we do not really need it.
Note that you need to build krb5 from upstream to test it: krb5/krb5#1165 (already merged) |
Hi, the patches work well for me. The feature is already covered by the current KCM integration tests, i.e. if the krb5 client library supports the extension it will be used in the tests. However there is no indication in the tests if the GET_CRED_LIST or GET_CRED_UUID_LIST is used. I wonder if it would be good to have such indication to avoid regressions on platform where we know that the extension is supported? About bye, |
I opened additional PR against Kerberos since the fallback currently does not work: krb5/krb5#1177 |
For large caches, one IPC operation per credential dominates the cost of iteration. Instead transfer the whole list of credentials to the client in one IPC operation. Resolves: SSSD#5545
We can grep the logs and produce a debug message saying which operation was executed but this does not fail the test. I think the right thing to do is to let QA write a performance test that would be able to catch it? They just did manual verification for rhbz#1876514
Done. |
ok
Thanks for the update. The CI failure on rawhide does not look related, so ACK. bye, |
For large caches, one IPC operation per credential dominates the cost of
iteration. Instead transfer the whole list of credentials to the client in
one IPC operation.
Resolves: #5545
This is a continuation of #5375. The first
pull requests addressed bottlenecks in sssd-kcm and reduced the test case
run time from 30 minutes to 2 minutes, this new operation takes it down to
9 seconds.