Scott Lambert:
> > OK, before less-informed people start to spread urban legends, I did
> > all the measurements with the default nsswitch.conf file (see below)
> > which contains the exact same entries that were making your system
> > crawl.
> >
> > So, while Postfix is now performing better for you, I am less
> > convinced that everything is kosher, unless someone can explain to why
> > the default nsswitch.conf was no good for your particular system (or
> > why it was burning up 98% CPU in kernel mode).
>
> This is not postfix specific. Just in case anyone was inferring
> that.
>
> It has to do with the number of entries in the password file. I
> do not remember the details for why, but with thousands of users
> in the password file anything that maps usernames to uids gets slow
> with passwd and group set to compat. The first time I saw the
> problem was with ls -l in /home on a machine with thousands of
> users. It took minutes. ls -ln completed as quickly as the pty
> could display the output.
Thanks for the backgrouns.
Could you please file a bug report. Originally, 4.4BSD uses a hashed
password file, so there is no excuse why lookups from file should
be slow, especially with the default nsswitch file which is what
everyone ends up using.
Wietse
> I do not have that issue on my cyrus-imapd box which has 20 users
> in the password file, but eight thousand e-mail accounts/mailboxes
> in Cyrus with Cyrus SASL and Postfix using MySQL storage for the
> mailbox lookups/authentication data.
>
> Running ncsd may also mitigate the issue. I have not tried that.
> I was happy to eliminate the latency without running an additional
> daemon.
>
> I do not understand why the default "compat" option, which seems
> to be designed to mimic pre-nsswitch behaviour, is slower than the
> "files" option.
>
> --
> Scott Lambert KC5MLE Unix SysAdmin
> lamb...@lambertfam.org
>
>
