[37243] in Kerberos
Re: Optimizing gss_init_sec_context possible?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Sep 23 11:07:09 2015
To: Martin Gee <geemang_2000@yahoo.com>, "kerberos@mit.edu" <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <5602C00E.8010500@mit.edu>
Date: Wed, 23 Sep 2015 11:06:54 -0400
MIME-Version: 1.0
In-Reply-To: <521158560.1492564.1442934815466.JavaMail.yahoo@mail.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 09/22/2015 11:13 AM, Martin Gee wrote:
> Version: 1.13.2 kerb lib
> I'm using the GSS libs to impersonate a user via HTTP SPNEGO (http://tools.ietf.org/html/rfc4559)
> I use gss_init_sec_context to get a Token which is sent over to the HTTP service (see spec) in an HTTP Header. This is necessary.
> I'm profiling my app. The gss_init_sec_context is the most expensive call. I notice that gss_init_sec_context gives you a context handle.
> Is it possible to reuse the context and still get a token?
Are you passing GSS_C_DELEG_FLAG to gss_init_sec_context()? If so, you
can probably take that out and get much better performance, unless for
some reason you need to send a TGT to the HTTP service.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
