[redhat-lspp] Re: [Keyrings] [RFC] Coming key management support improvements
Kyle Moffett
mrmacman_g4 at mac.com
Tue Oct 18 23:24:14 UTC 2005
On Oct 18, 2005, at 16:10:27, David Howells wrote:
> Kyle Moffett <mrmacman_g4 at mac.com> wrote:
>> It seems like the obvious answer is to avoid massive fork()/exec
>> () load placed on a system handling lots of keys, similar to the
>> idea that high-load servers don't run Apache from inetd.
>
> Yes, but why should there be more than one key per mountpoint? I
> wouldn't have thought that'd be an excessive load.
Wasn't one of the plans to make Kerberos use the key system (instead
of files) as a credentials cache? If so then a server using the
Kerberos libraries to do user authentication might conceivably be
doing a lot of key creations per second, without doing mounts or
other stuff that might be more intensive. On systems where running a
CGI is already too computationally intensive, that could
theoretically be a showstopper.
Cheers,
Kyle Moffett
--
Q: Why do programmers confuse Halloween and Christmas?
A: Because OCT 31 == DEC 25.
More information about the redhat-lspp
mailing list