David Thompson wrote: > Ken Hornstein wrote: >>> Yes and no. The issue in our application is that we need to make many >>> authentications quickly (mostly for the same pts ids over and over), and >>> cannot afford the 1 pag per second cost to create a new pag each time we >>> need >>> one. >> I guess I am missing something. How come you need to get a new pag to >> reauthenticate? > > Think things like web servers that run authenticated as the (each) web page > author. Or, <scream volume="primal"> think things like authenticated mail > delivery.</scream> In either case, I have to authenticate as the same > principal over and over, and I can't wait for a new pag for each request. > So, I create (and authenticate) a pag for each principal, and I can > authenticate quickly via a setgroups() call to select the appropriate > authentication (pag). > > Our implementation consists of more than that, but that's the core of it. > > Dave Thompson > UW-Madison
Why do you need a new PAG as opposed to simply performing an unlog() operation on your existing PAG? You only need a new PAG when your web server creates a new process. Jeffrey Altman
smime.p7s
Description: S/MIME Cryptographic Signature
