Browse Prior Art Database

Configuration of Authentication system like Kerberos on Varied Storage for Enhanced Performance

IP.com Disclosure Number: IPCOM000172871D
Original Publication Date: 2008-Jul-17
Included in the Prior Art Database: 2008-Jul-17
Document File: 1 page(s) / 26K

Publishing Venue

IBM

Abstract

Disclosed is a method for usage of disk technology for authentication systems like Kerberos* for enhanced performance.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 60% of the total text.

Page 1 of 1

Configuration of Authentication system like Kerberos on Varied Storage for Enhanced Performance

In Kerberos, the end user tries to authenticate by supplying his/her username and password which is sent to the central Kerberos Server (KDC). The Kerberos server (KDC) uses the username supplied to perform a look-up in its internal database of users and get the required information (authentication record) which is then further used for validation of the authentication request. The time required to fetch the authentication record of the user using the username from the database as the seek time.

This authentication data of the users is sparingly written and extensively referred. In other words there is a less write on this database/file and much more read. In other words it is well understood and appreciated that the READ cycles are very high compared to the WRITE cycle to the database/file holding the Kerberos authentication records. A READ cycle required to fetch the users authentication record is called the seek time, as described above.

Seek time and the user information validations are the bottleneck of the overall authentication process and plays a huge role in the overall performance authentication process. Higher the seek time lower the performance and vice versa. The disclosed solution is to enhance the method of configuration of the protocol such that the READ cycle used for fetching the user credential records will be...