Issue #180: pam authentication very slow + fix
| Reported by: | Silas De Munck |
| State: | resolved |
| Created on: | 2015-12-18 10:48 |
| Updated on: | 2018-05-19 15:21 |
Description
Using pam authentication with Mercurial over HTTP is very slow.
I think this is caused by the fact that mercurial always tries to perform an operation anonymously and after that, tries authentication based on username.
A simple 'hg pull', results in 4 calls to the pam module (slow) to authenticate user '' (empty string) + 4 normal calls with username. The empty string also skips the cache in auth_pam.py. And the cache TTL is only 4 seconds, therefore the cache is also invalid most of the time for the valid calls with username. I think the pam module should not call pam for an empty user?
FIX: At the beginning of the auth(...) function in auth_pam.py add the following:
# abort if empty username if not username: return None
Result of 'time hg pull'
*Before: 17s
*After: 3s
Attachments
Comments
Comment by Silas De Munck, on 2015-12-18 10:49
Comment by Silas De Munck, on 2015-12-18 10:55
Comment by Mads Kiilerich, on 2015-12-22 13:50
Thanks!
But how come reducing the number of pam auth calls by a factor 2 could reduce the time by a factor 5?
Comment by Silas De Munck, on 2015-12-22 14:25
I think this is because of the cache TTL, this is by default 4 seconds. The numerous calls seem to take longer than that, invalidating the cache, hence even more pam calls?
Comment by Thomas De Schampheleire, on 2018-05-19 15:21
Fixed with 74e669d8a479