rough estimate of kadmin addprinc performance?

[Chris Hecker]

I have a pretty old centos machine, it's a dual core P4 2.8ghz with 1gb
of ram, running krb5 1.9.x with and openldap backend.  I'm using
Authen::Krb5::Admin to make a bunch (5000 right now) of princs, and the
performance on this machine is about 10 princs created per second, with
kadmind at 46% cpu, with slapd at 6%.

Does this performance sound right for this level of machine?  Would it
be much faster using libkadm5 in c?  Should I be getting hundreds of
anks/sec or something?

Basically, I'm just looking for a ballpark estimate from somebody with a
clue of whether I'd get much out of optimizing this?

The anks are all happening in a single thread, so they're serialized to
the KDC right now.  Code snippet is below.

Thanks,
Chris


sub create {
  my ($username, $pw) = @_;
  my $ap = Authen::Krb5::Admin::Principal->new;
  $ap->principal(Authen::Krb5::parse_name($username));
  $ap->policy("default");
  $ap->attributes(KRB5_KDB_REQUIRES_PRE_AUTH | KRB5_KDB_DISALLOW_SVR);

  if (!$kadm5->create_principal($ap,$pw)) {
    die Authen::Krb5::Admin::error;
  }
}