proftpd + mod_sql: solving "slow login" problem
Written by Harald Lapp in General at 13:35
I had a very annoying problem with proftpd, which at first sight seems a common one: slow login, combined with the fact that a lot of ftp clients out there have a low timeout setting configured. The problem is that googling "slow connection" or "slow login" in combination with "proftpd" led me in a totally wrong direction. A lot of people seem to have a problem with DNS lookups, which can easily be fixed by adding ...
UseReverseDNS off
IdentLookups off
... to the configuration file, to turn off any DNS lookups. But this did not change anything for me. Running an ftp client in debug mode showed that the authorization itself took a very long time, which led to a timeout with most ftp clients:
air:~ harald$ ftp -d ftp.xxxxxxxxxx.de
Connected to ftp.xxxxxxxxxx.de.
220 xxxxxxxxxx FTP Server
ftp_login: user `' pass `' host `ftp.xxxxxxxxxx.de'
Name (ftp.xxxxxxxxxx.de:harald):
---> USER harald
331 Password required for harald
Password:
---> PASS XXXX
...
The password was sent, and then the ftp client had to wait 10 seconds or longer for a response. Lots of ftp clients have a timeout of less than 10 seconds, so with such a long response time the connection times out.
After googling for quite some time without finding anything useful on this topic -- besides the DNS lookup problem -- I delved deeper into the proftpd documentation and found a howto which gave me some hints on how to speed up ftp login.
As it turned out, the problem was my SQLAuthenticate directive, which I had just copied from the example configuration file of mod_sql. The configuration was set to:
SQLAuthenticate users userset
The problem with this configuration is that the userset switch seems to be very, very expensive. I still don't know why this switch is set in the configuration -- the documentation contains no useful examples of when to use or when to avoid this switch -- but eventually I found a forum post by a proftpd maintainer, in which he says that the userset switch does not need to be configured. After changing the above configuration to ...
... login is fast as hell. I'm still curious why the switch was there ...
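The two causes of slow login covered above (DNS/ident lookups left enabled, and `userset` in SQLAuthenticate) can be checked for in a configuration file before clients start timing out. The script below is an added example, not part of the original post or of proftpd; the sample configuration is constructed and the function names are hypothetical.

```python
# Constructed sample config for illustration; not taken from the original post.
SAMPLE_CONF = """\
# proftpd.conf (constructed sample)
UseReverseDNS off
IdentLookups on
<IfModule mod_sql.c>
  SQLAuthTypes Crypt
  SQLAuthenticate users userset
</IfModule>
"""

# Directives the post sets to "off" to rule out lookup delays.
LOOKUP_DIRECTIVES = ("usereversedns", "identlookups")


def parse_directives(text):
    """Yield (lineno, name, args), skipping blanks, comments and <Section> tags."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, *args = line.split()
        # Names and arguments are compared in lower case.
        yield lineno, name.lower(), [a.lower() for a in args]


def slow_login_findings(text):
    """Return sorted (lineno, message) pairs; lineno 0 means the directive is absent."""
    findings, seen = [], set()
    for lineno, name, args in parse_directives(text):
        seen.add(name)
        if name in LOOKUP_DIRECTIVES and args[:1] != ["off"]:
            findings.append((lineno, f"{name} is not 'off' (lookups stay enabled)"))
        elif name == "sqlauthenticate" and "userset" in args:
            findings.append((lineno, "SQLAuthenticate includes 'userset' (expensive at login)"))
    for name in LOOKUP_DIRECTIVES:
        if name not in seen:
            findings.append((0, f"{name} is not set explicitly"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in slow_login_findings(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```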