[redhat-lspp] Re: [Keyrings] [RFC] Coming key management support improvements
Trond Myklebust
trond.myklebust at fys.uio.no
Tue Oct 18 21:37:22 UTC 2005
ty den 18.10.2005 klokka 21:10 (+0100) skreiv David Howells:
> Kyle Moffett <mrmacman_g4 at mac.com> wrote:
>
> > It seems like the obvious answer is to avoid massive fork()/exec() load
> > placed on a system handling lots of keys, similar to the idea that high-load
> > servers don't run Apache from inetd.
>
> Yes, but why should there be more than one key per mountpoint? I wouldn't have
> thought that'd be an excessive load.
Sorry I'm a bit slow to respond this week: I'm out travelling again.
Anyhow, fork()+exec can be a problem in the case of a server reboot.
When the server comes up again _everybody_ that is using a
file/directory/... on that server will want to re-establish their
RPCSEC_GSS session.
The result may then be a highly undesirable fork()+exec storm situation.
Cheers,
Trond
More information about the redhat-lspp
mailing list