Portable Name Resolution (was Need performance hints for large servers)


Post by Robert Davi » Sun, 19 Mar 1995 03:14:32



I'm cross-posting to comp.security.unix in case something already exists, and
comp.lang.perl, just on the off chance that they can whip it up over the weekend  :)


*
* >Current configuration has 9,000 users in the password file and allows up
* >to 200 connections.  We are not running NIS or NIS+.  What can I do to
* >improve performance of password file lookups?  95% of the time the system

The reason I've not wanted to simply rdist local files is because of this.
Even with NIS under SunOS 4 I've had to do workarounds, using Net Groups, to
restrict access to some machines, and some grotesque hacks.

For Solaris I've been expecting to have to implement a special login program
once the NIS compat is dropped (or I drop NIS).


* The easiest way to "solve" the problem is to use NIS, but that brings along
* a whole set of new problems.  The right way to solve the problem is to write a
* dbm-style backend for the password file.  The name services switch interface is
* documented in /usr/include/nss_*, if you want to give it a try.  

Now that's an idea!

I've been pondering this as local files, NS kit and NIS+ have too many gotchas.
Would there be any takers for PNR - Portable Name Resolution?

The aim would be a quick and dirty hack (to begin with). I see 2 parts to this:

    1) Master format - some management tools,
                     - distribution scheme -> local format flat file, Berkeley DB,
                                  dbm file, NIS maps, whatever
                     - mapping scheme for Bastion hosts, DBs and such like

    2) OS specific implementation
                     - Solaris 2.4 using name service switch.
                     - ULTRIX supports DBM passwd file or local ypservs.
                     - SunOS 4, DBM in /var/yp/`domainname` plus ypserv & securenets?

The OS part could become unnecessary when vendors introduce better caching.

Perl5 and the Berkeley DB lib allow simple creation of lookup caches,
analogous to NIS's <map>.by<key> DBM files, only:

     1)  faster, through a memory cache, but a limited one to avoid swap
     2)  byte independent, makes it very rdist-able
     3)  hash / btrees supported

Some mechanism to distribute a master DB, to allow OS specific format files,
like passwd(5), whoops (ggrrrrr) I meant passwd(4) and shadow(4).

A daemon to handle password changes would be required, rlogin to a master host
is not acceptable (inconvenient and clear text passwords over net).

Perhaps something better than NIS that's not OS specific already exists?
Did the BSD User DB get any further than its usage in V8 sendmail?

-- Rob
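
An added example, not part of the original post and not code from any existing tool: the `<map>.by<key>` lookup files the post describes, built from a flat passwd(4)-format file, written in Python with the standard-library `dbm.dumb` module standing in for Perl5 and Berkeley DB. The sample entries, the map file names and the function names are assumptions made for the illustration.

```python
import dbm.dumb
import os

# Constructed sample in passwd(4) layout (not taken from the thread).
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:10:Alice Example:/home/alice:/bin/csh
+@admins::::::
broken:x:notanumber:10::/tmp:/bin/sh
legacy:ab1cdEFgh2ijk:1003:10:Old entry:/home/legacy:/bin/sh
toor:x:0:0:Second uid 0:/:/bin/sh
"""

def parse_passwd(text):
    """Yield (name, uid, record) for usable entries only."""
    for line in text.splitlines():
        fields = line.split(":")
        # Skip comments, NIS compat (+/-) entries and malformed lines.
        if line.startswith(("#", "+", "-")) or len(fields) != 7:
            continue
        name, uid = fields[0], fields[2]
        if not name or not uid.isdigit():
            continue
        # The maps must be world-readable for ps/ls/finger, so a password
        # hash never goes in; it belongs in shadow(4).
        fields[1] = "x"
        yield name, uid, ":".join(fields)

def build_maps(text, directory):
    """Create passwd.byname and passwd.byuid, one DBM file per lookup key."""
    for map_name, key_index in (("passwd.byname", 0), ("passwd.byuid", 1)):
        with dbm.dumb.open(os.path.join(directory, map_name), "n", 0o644) as db:
            for entry in parse_passwd(text):
                key = entry[key_index]
                if key not in db:  # first entry wins, like a flat-file scan
                    db[key] = entry[2]

def lookup(directory, map_name, key):
    """Return the passwd record for key, or None if it is not in the map."""
    with dbm.dumb.open(os.path.join(directory, map_name), "r") as db:
        value = db.get(str(key))
        return value.decode() if value is not None else None

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        build_maps(SAMPLE_PASSWD, d)
        print(lookup(d, "passwd.byuid", 1001))
```

Each lookup is a keyed fetch instead of a scan of the whole file, and the records written to the maps carry no password hash even when the source line did.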

 
 
 

1. Need performance hints for large servers

Hello, we are running a SS10 model 514 with 512MB of ram with Solaris 2.4.
Current configuration has 9,000 users in the password file and allows up
to 200 connections.  We are not running NIS or NIS+.  What can I do to
improve performance of password file lookups?  95% of the time the system
response is good to very good unless you do something that hits on the
/etc/passwd file like:
        /usr/ucb/ps -aux
Then the 800 or 900 processes display at a rate of about 2 per second.
Other commands similarly affected are "ls -l" and "finger".

Any suggestions or help is appreciated!
--
             ,--, | Ron Nash      San Diego State University

   ,;`( )__, )  ~ |  
  //  //   '--;   | Gin-N-Tonic   endurance horse
  '   \     |     | Luv on Fire   trusty trail horse
