SESFASTLOGIN (JANUS DEFINE parameter): Difference between revisions
m (1 revision) |
mNo edit summary |
||
Line 1: | Line 1: | ||
<span class="pageSubtitle"><section begin="desc" />Skip CCASTAT/external lookups on login<section end="desc" /></span> | |||
<span class="pageSubtitle"><section begin="desc" />Skip CCASTAT/external lookups on login | |||
<var>SESFASTLOGIN</var> is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. | <var>SESFASTLOGIN</var> is a parameter on ,var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | ||
This parameter reduces the login security overhead for | This parameter reduces the login security overhead for <var class="product">[[Janus Web Server]]</var> threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid. | ||
The benefits of this parameter are: | The benefits of this parameter are: | ||
Line 19: | Line 18: | ||
The <var>[[WEBLOGHOLD (JANUS DEFINE parameter)|WEBLOGHOLD]]</var> parameter accomplishes many of the same things as <var>SESFASTLOGIN</var>, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one. | The <var>[[WEBLOGHOLD (JANUS DEFINE parameter)|WEBLOGHOLD]]</var> parameter accomplishes many of the same things as <var>SESFASTLOGIN</var>, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one. | ||
<var>SESFASTLOGIN</var> is available as of '' | <var>SESFASTLOGIN</var> is available as of ''Sirius Mods'' Version 6.5 (originally in a 6.4 ZAP). | ||
The <var>SESFASTLOGIN</var> parameter is valid only for a | The <var>SESFASTLOGIN</var> parameter is valid only for a <var class="product">Janus Web Server</var> port. | ||
==See also== | ==See also== |
Revision as of 18:18, 1 March 2012
<section begin="desc" />Skip CCASTAT/external lookups on login<section end="desc" />
SESFASTLOGIN is a parameter on ,var>JANUS DEFINE, which defines and sets characteristics of a Janus port.
This parameter reduces the login security overhead for Janus Web Server threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.
The benefits of this parameter are:
- It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.
- It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.
Note: This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.
The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.
SESFASTLOGIN is available as of Sirius Mods Version 6.5 (originally in a 6.4 ZAP).
The SESFASTLOGIN parameter is valid only for a Janus Web Server port.