SESFASTLOGIN (JANUS DEFINE parameter): Difference between revisions

From m204wiki
Jump to navigation Jump to search
m (1 revision)
(Automatically generated page update)
 
(14 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:SESFASTLOGIN}}
<span class="pageSubtitle">Skip CCASTAT/external lookups on login</span>
<span class="pageSubtitle"><section begin="desc" /><section end="desc" /></span>


SESFASTLOGIN is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]].
<var>SESFASTLOGIN</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  


This parameter reduces the login security overhead for <var class="product">[[Janus Web Server]]</var> threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.


The benefits of this parameter are:


This parameter reduces the login security overhead for ''[[Janus Web Server]]'' threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.
The benefits of this parameter are:
<ul>
<ul>
<li>It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.  
<li>It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.  
<li>It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.
<li>It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.
</ul>
</ul>
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.<blockquote> This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.</blockquote>


The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.  
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.
 
'''Note:''' This parameter has no effect unless login sessions are being maintained by <var>[[SESCOOKIE (JANUS DEFINE parameter)|SESCOOKIE]]</var> or <var>[[SSLSES (JANUS DEFINE parameter)|SSLSES]]</var>.
 
The <var>[[WEBLOGHOLD (JANUS DEFINE parameter)|WEBLOGHOLD]]</var> parameter accomplishes many of the same things as <var>SESFASTLOGIN</var>, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.  


SESFASTLOGIN is available as of ''[[Sirius Mods]]'' Version 6.5 (originally in a 6.4 ZAP).  
<var>SESFASTLOGIN</var> is available as of <var class="product">Sirius Mods</var> Version 6.5 (originally in a 6.4 ZAP).  


The SESFASTLOGIN parameter is valid only for a ''[[Janus Web Server]]'' port.
The <var>SESFASTLOGIN</var> parameter is valid only for a <var class="product">Janus Web Server</var> port.


==References==
==See also==


See: [[List of Janus commands]] | [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]].
<ul>
<li>[[List of Janus commands]]
<li>[[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]
</ul>


[[Category:JANUS DEFINE parameters|SESFASTLOGIN]]
[[Category:JANUS DEFINE parameters|SESFASTLOGIN]]

Latest revision as of 22:23, 16 April 2013

Skip CCASTAT/external lookups on login

SESFASTLOGIN is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter reduces the login security overhead for Janus Web Server threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.

The benefits of this parameter are:

  • It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.
  • It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.

The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.

Note: This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.

The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.

SESFASTLOGIN is available as of Sirius Mods Version 6.5 (originally in a 6.4 ZAP).

The SESFASTLOGIN parameter is valid only for a Janus Web Server port.

See also