[37238] in Kerberos
Re: Optimizing gss_init_sec_context possible?
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Tue Sep 22 15:23:49 2015
Date: Tue, 22 Sep 2015 15:23:28 -0400 (EDT)
From: Benjamin Kaduk <kaduk@mit.edu>
To: Martin Gee <geemang_2000@yahoo.com>
In-Reply-To: <521158560.1492564.1442934815466.JavaMail.yahoo@mail.yahoo.com>
Message-ID: <alpine.GSO.1.10.1509221519280.26829@multics.mit.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
On Tue, 22 Sep 2015, Martin Gee wrote:
> Version: 1.13.2 kerb lib
> I'm using the GSS libs to impersonate a user via HTTP SPNEGO (http://tools.ietf.org/html/rfc4559)
> I use gss_init_sec_context to get a Token which is sent over to the HTTP service (see spec) in an HTTP Header. This is necessary.
> I'm profiling my app. The gss_init_sec_context is the most expensive
gss_init_sec_context is permitted to (and frequently does) block on
network interaction before returning. Would your profiling pick up such a
network delay?
> call. I notice that gss_init_sec_context gives you a context handle.
> Is it possible to reuse the context and still get a token?
No. The context handle is specific to a single ~session between client
and server (not an HTTP or TLS session, just a rough similarity). Perhaps
RFC 7546 would help clarify how gss_init_sec_context is supposed to work.
-Ben
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos