| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, David Steele <david(at)pgmasters(dot)net>, Joe Conway <mail(at)joeconway(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Michael Paquier <michael(at)paquier(dot)xyz>, Nico Williams <nico(at)cryptonector(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Robbie Harwood <rharwood(at)redhat(dot)com> |
| Subject: | Re: [PATCH v20] GSSAPI encryption support |
| Date: | 2019-04-04 16:16:24 |
| Message-ID: | 15827.1554394584@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if
>> there might be an issue related to the KDC wanting to get some amount of
>> random data and the system you're on isn't producing random bytes very
>> fast..?
> Not sure. This is my usual development box and it also does mail, DNS,
> etc for my household, so I'd expect it to have plenty of entropy.
> But it's running a pretty old kernel, and old Kerberos too, so maybe
> the explanation is in there somewhere.
Same test on a laptop running Fedora 28 takes a shade under 5 seconds.
The laptop has a somewhat better geekbench rating than my workstation,
but certainly not 50x better. And I really doubt it's got more entropy
sources than the workstation. Gotta be something about the kernel.
Watching the test logs, I see that essentially all the time on the RHEL6
machine is consumed by the two
# Running: /usr/sbin/kdb5_util create -s -P secret0
steps. Is there a case for merging the two scripts so we only have to
do that once? Maybe not, if nobody else sees this.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2019-04-04 16:24:52 | Re: [PATCH v20] GSSAPI encryption support |
| Previous Message | Antonin Houska | 2019-04-04 15:52:01 | Re: "WIP: Data at rest encryption" patch and, PostgreSQL 11-beta3 |