On Oct 23 14:01, Achim Gratz wrote: > Corinna Vinschen cygwin.com> writes: > > There's, as usual, a downside: AuthZ leans a bit to the slow side. > > It's not too bad, as long as your network connection is fast (and fast means > short roundtrip time for an AD query). If I take each page fault as > reported by time as a proxy for an AD access, then it needs about three > times more roundtrips to the AD. > > On a server with almost perfect connectivity to the AD that increases the > wall-time of listing a very large directory with directories/files from many > users (about a quarter of all users in the AD, and not all from the local > domain) from 8 to 10 minutes. The CPU time as well as the network traffic > is neglible in both cases. > > On my local laptop things look a bit different, a small ~5% subset of the > test above goes from 20s to 200s and a different larger ~10% subset from 50s > to 500s. Erm, really? I tested this locally with a directory with hundreds of files, each of which belonged to another user or group, and that resulted in a 25% slowdown. Not 1000%. Oh boy. > While that hurts, the more usual case with many files from the > same user doesn't feel any slower at the moment. The access through VPN > will be interesting, though... Did you try this in the meantime? Given the above result, I'm wondering if we can afford using AuthZ at all. OTOH I don't see any other way to get the correct POSIX permissions from a non-Cygwin ACL :( Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat