Rick Cochran writes:
> 
> We have been running AFS Kerberos authenticated POP for several years and
> have noticed that after a month or so, it starts taking up to 13 seconds
> of CPU time on a Sparc 1 to 'klog' (hence also, POP authenticate).
> 
> This seems to be related to lots of token/PAG creations with no explicit
> token/PAG destructions.
> 
> With POP, all one really needs to do is authenticate - no token is
> needed.  I think this was the motivation behind some questions/answers
> on info-afs in the last two months.  The best solution I saw was
> workable, but too kludgy for me.

This is the routine we use for "authenticating" servers.  The #if 0 section
is used if a token is required, the second section to authenticate without
a token.

Steve



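#include <stdio.h>
#include <afs/auth.h>      /* struct ktc_token, struct ktc_encryptionKey */
#include <afs/kautils.h>   /* ka_UserAuthenticateGeneral, ka_StringToKey,
                              ka_GetAdminToken */

/* Returns 0 if the password is accepted, a nonzero AFS error code otherwise. */
int try_to_login (char *username,
                  char *password)
{
  int code;
  
#if 0

/*      Authenticate - validate and get token.
*/
  char *reason;

  code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION,
                                    username,
                                    (char *) 0,  /* instance */
                                    (char *) 0,  /* realm */
                                    password,
                                    0,           /* lifetime, default */
                                    0, 0,        /* spares */
                                    &reason);
  
  if (code != 0)
    printf("AFS login failed because %s\n", reason);

#else

/*      Validate only.  No token.
*/
  struct ktc_encryptionKey key;
  struct ktc_token token;

  /* Derive the key from the password.  The result of this call was
     overwritten by the next call, so it is no longer assigned to code. */
  ka_StringToKey (password, NULL, &key);

  /* Success here means the password-derived key was accepted. */
  code = ka_GetAdminToken (username,
                           NULL,        /* instance */
                           NULL,        /* cell */
                           &key,
                           600,         /* lifetime */
                           &token,
                           1);          /* new */

  if (code != 0)
    printf("AFS login failed: code %d\n", code);

#endif
  
  return code;
}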


----------------------------------------------------------------------------
Steve Roseman
Lehigh University Computing Center
[EMAIL PROTECTED]
