[3157] in Kerberos-V5-bugs
Re: krb5-libs/786: Keytab code should cache last-read key
daemon@ATHENA.MIT.EDU (tytso@MIT.EDU)
Mon Nov 29 14:26:29 1999
Date: Mon, 29 Nov 1999 14:25:23 -0500
Message-Id: <199911291925.OAA04240@trampoline.thunk.org>
To: jik@kamens.brookline.ma.us
Cc: krb5-bugs@MIT.EDU, krb5-unassigned@RT-11.MIT.EDU,
jik@kamens.brookline.ma.us, gnats-admin@RT-11.MIT.EDU,
krb5-prs@RT-11.MIT.EDU
In-Reply-To: <199911232148.QAA20937@jik2.kamens.brookline.ma.us> (message from
Jonathan Kamens on Tue, 23 Nov 1999 16:48:23 -0500)
From: tytso@MIT.EDU
Date: Tue, 23 Nov 1999 16:48:23 -0500
From: Jonathan Kamens <jik@kamens.brookline.ma.us>
Every time a Kerberos application server gets a request, it
has to read its ticket file to process the request. For a
very busy server, this is very inefficient. It's also
unnecessary, since the vast majority of servers receive
requests for the same service principal over and over.
The patch below caches the last key read from the keytab, so
that the keytab does not have to be read over and over as long
as requests keep coming in for the same service principal.
Should there perhaps be a stat() test to see if the keytab has changed,
or is the assumption that you will kill and restart all application
daemons when the keytab file is changed?
- Ted
