From owner-freebsd-hackers  Wed Oct 11 07:59:56 1995
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id HAA10029
          for hackers-outgoing; Wed, 11 Oct 1995 07:59:56 -0700
Received: from ns1.win.net (ns1.win.net [204.215.209.3])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id HAA10022
          for <hackers@freebsd.org>; Wed, 11 Oct 1995 07:59:45 -0700
Received: (from bugs@localhost) by ns1.win.net (8.6.11/8.6.9) id LAA02775 for hackers@freebsd.org; Wed, 11 Oct 1995 11:04:57 -0400
From: Mark Hittinger <bugs@ns1.win.net>
Message-Id: <199510111504.LAA02775@ns1.win.net>
Subject: re: ANNEX'es erpcd: WEIRD behavior
To: hackers@freebsd.org
Date: Wed, 11 Oct 1995 11:04:56 -0400 (EDT)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1821      
Sender: owner-hackers@freebsd.org
Precedence: bulk

> From: Rashid Karimov <rashid@rk.ios.com>
> 	We have a dozen of ANNEX Terminal Servers serving
> 	our customers. The beast authentificates thru "erpcd"
> 	daemon via some rather proprietory protocol.
> 	Works fine on Sun Sparcs ( 2,10), but the version I
> 	compiled for FreeBSD moves the load aver. of the PC
> 	it runs on up to the level of 70-100.(P90/SCSI)
> 	It does authentificate though - at least first few 
> 	minutes, but it literally dies afterwards :(
>..
> 	The password file is about 1 Mb big  , there are about 15,000
> 	accounts in it - in case it will help

No problems here with the V8 erpcd (muchly hacked up), I am not running the 
V9 code.

Here are some ideas:

ERPCD spawns a lot of children for that kind of config.  You should have
a seriously pumped up kernel for that.  I've got MAXUSERS 256, 
options "CHILD_MAX=256", options "OPEN_MAX=256", and a bodacious amount
of swap space :-).  You may want to go above CHILD_MAX 256 if you have
a dozen annexes with 64 ports :-)   12*32=384, 12*64=768.  Get Hanz and
Franz to reconfigure your server for this manly task.

I have a big password file also - but make sure you are using getpwnam to
get the records out of the 'db'.  If you are using the flat text file
'acp_passwd' you will probably need to seek sequential relief.

Double check the file locking for the log file.  I recall having to adjust
the file lock call for the 64 bit lseek offset.  Could ERPCD be spinning
in a lock-that-always-fails loop?

Do the encrypted packets for the annexes happen to go through any routers
before they get to your authentication boxes?  Many bad things happened
here when I ran the encrypted packets through certain cisco boxes :-)

Thats all I can think of right now.

Regards,


Mark Hittinger
Internet Manager
WinNET Communications, Inc.
bugs@win.net