Re: [PATCH v20] GSSAPI encryption support

Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> writes:

> I wrote:
>> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>>> So I'm a bit surprised that it's taking 4 minutes for you. I wonder if
>>> there might be an issue related to the KDC wanting to get some amount of
>>> random data and the system you're on isn't producing random bytes very
>>> fast..?
>
>> Not sure. This is my usual development box and it also does mail, DNS,
>> etc for my household, so I'd expect it to have plenty of entropy.
>> But it's running a pretty old kernel, and old Kerberos too, so maybe
>> the explanation is in there somewhere.
>
> Same test on a laptop running Fedora 28 takes a shade under 5 seconds.
> The laptop has a somewhat better geekbench rating than my workstation,
> but certainly not 50x better. And I really doubt it's got more entropy
> sources than the workstation. Gotta be something about the kernel.
>
> Watching the test logs, I see that essentially all the time on the RHEL6
> machine is consumed by the two
>
> # Running: /usr/sbin/kdb5_util create -s -P secret0
>
> steps. Is there a case for merging the two scripts so we only have to
> do that once? Maybe not, if nobody else sees this.

I think that would be a good idea! Unfortunately I don't speak perl
well enough to do that, so I'd just copied-and-modified.

Thanks,
--Robbie