SESFASTLOGIN (JANUS DEFINE parameter): Difference between revisions
m (1 revision) |
mNo edit summary |
||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:SESFASTLOGIN}} | {{DISPLAYTITLE:SESFASTLOGIN}} | ||
<span class="pageSubtitle"><section begin="desc" /><section end="desc" /></span> | <span class="pageSubtitle"><section begin="desc" />Skip CCASTAT/external lookups on login.<section end="desc" /></span> | ||
SESFASTLOGIN is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]. | SESFASTLOGIN is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]]. | ||
This parameter reduces the login security overhead for ''[[Janus Web Server]]'' threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid. | This parameter reduces the login security overhead for ''[[Janus Web Server]]'' threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid. | ||
The benefits of this parameter are: | The benefits of this parameter are: | ||
<ul> | <ul> | ||
<li>It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small. | <li>It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small. | ||
<li>It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging. | <li>It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging. | ||
</ul> | </ul> | ||
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.<blockquote> This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.</blockquote> | The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.<blockquote> This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.</blockquote> | ||
The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one. | The [[WEBLOGHOLD]] parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one. | ||
SESFASTLOGIN is available as of ''[[Sirius Mods]]'' Version 6.5 (originally in a 6.4 ZAP). | SESFASTLOGIN is available as of ''[[Sirius Mods]]'' Version 6.5 (originally in a 6.4 ZAP). | ||
Revision as of 14:57, 14 March 2011
<section begin="desc" />Skip CCASTAT/external lookups on login.<section end="desc" />
SESFASTLOGIN is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port. See the List of JANUS DEFINE parameters.
This parameter reduces the login security overhead for Janus Web Server threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.
The benefits of this parameter are:
- It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.
- It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.
This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.
The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.
SESFASTLOGIN is available as of Sirius Mods Version 6.5 (originally in a 6.4 ZAP).
The SESFASTLOGIN parameter is valid only for a Janus Web Server port.
References
See: List of Janus commands | List of JANUS DEFINE parameters.