[1590] in Kerberos


Re: How good is kerberos in Transaction processing

daemon@ATHENA.MIT.EDU (Steve Lunt)
Fri Oct 4 12:19:03 1991

Date: Fri, 4 Oct 91 11:18:34 EDT
From: Steve Lunt <lunt@ctt.bellcore.com>
To: trip@amdahl.uts.amdahl.com
Cc: kerberos@Athena.MIT.EDU

Trip,
	You do not need to perform Kerberos authentication (ticket
and authenticator) on each transaction processing request.  You will
maintain a "security context" (i.e., Kerberos session key) for each
principal (peer) with which you wish to send or receive TP requests.
You will do Kerberos authentication with a peer only when either you
have not yet established a security context with that peer, or the
existing context has expired.  You may do the Kerberos exchange over
any available transport medium (not necessarily the same one you are
using for TP requests).  You can use the session key to send either
private (encrypted) or safe (protected with a crypto checksum)
messages.  However, I recommend that if you can establish a context
with a peer, then you should insist that all traffic with that peer
be protected in one of the two ways.  The GSSAPI interface to
Kerberos Version 5 will be useful to you.

-- Steve

       Steven J. Lunt         |  lunt@ctt.bellcore.com  |  RRC 1L-213
Computer Security Technology  |-------------------------|  444 Hoes Lane
          Bellcore            |     (908) 699-4244      |  Piscataway, NJ 08854

----- Begin Included Message -----

From: trip@uts.amdahl.com (Tripatinder Chowdhry)
Reply-To: trip@amdahl.uts.amdahl.com (Tripatinder Chowdhry)
Organization: Amdahl Corporation, Sunnyvale CA
Subject: How good is kerberos in Transaction processing
To: kerberos@shelby.stanford.edu
Date: 3 Oct 91 21:33:38 GMT

I have just got into understanding kerberos.  I would like to 
understand overhead in terms of performance, when having kerberos.

In Online Transaction processing, there are requests coming at a rate
of 50 requests/second and server would be spending time servicing the requests.
I would think that there would be a lot of overhead if authenticator ticket
is to be generated for each request.

Please help me understand basic design of applications and where is kerberos
useful, and can I use kerberos at user level application.

thanks 
trip


----- End Included Message -----
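
Added example, not part of the original message and not Kerberos or GSS-API code: a sketch of the per-peer security context cache described in the reply above, where the full authentication exchange runs only when no context exists or the existing one has expired, and every request is sent as a "safe" (checksummed) message. Assumptions: the `_authenticate` stand-in just generates a random session key, HMAC-SHA256 plays the role of the crypto checksum, one object holds the key for both ends, and all names are hypothetical.

```python
import hashlib
import hmac
import os


class PeerContexts:
    """Per-peer security contexts; the key exchange is a stand-in, not Kerberos."""

    def __init__(self, lifetime=300.0):
        self.lifetime = lifetime
        self.contexts = {}   # peer -> (session_key, expiry_time)
        self.auth_count = 0  # number of full authentication exchanges performed

    def _authenticate(self, peer, now):
        # Placeholder for the ticket + authenticator exchange (assumption).
        self.auth_count += 1
        ctx = (os.urandom(32), now + self.lifetime)
        self.contexts[peer] = ctx
        return ctx

    def _context(self, peer, now):
        ctx = self.contexts.get(peer)
        if ctx is None or now >= ctx[1]:   # no context yet, or it has expired
            ctx = self._authenticate(peer, now)
        return ctx

    def protect(self, peer, payload, now):
        """Build a 'safe' message: payload followed by a keyed checksum."""
        key, _ = self._context(peer, now)
        return payload + hmac.new(key, payload, hashlib.sha256).digest()

    def verify(self, peer, message, now):
        """Return the payload, or None if unprotected, altered or out of context."""
        ctx = self.contexts.get(peer)
        if ctx is None or now >= ctx[1] or len(message) < 32:
            return None
        payload, tag = message[:-32], message[-32:]
        expected = hmac.new(ctx[0], payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(tag, expected) else None


def simulate(seconds=10, rate=50, lifetime=300.0):
    """Send rate*seconds requests to one peer; return (requests, authentications)."""
    ctxs = PeerContexts(lifetime)
    sent = 0
    for i in range(seconds * rate):
        now = i / rate                      # constructed clock, in seconds
        msg = ctxs.protect("tp-server", b"debit 10", now)
        assert ctxs.verify("tp-server", msg, now) == b"debit 10"
        sent += 1
    return sent, ctxs.auth_count
```

At 50 requests/second for 10 seconds with a 300 second context lifetime, `simulate()` performs 500 protected requests and a single authentication exchange.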


