Buildilng Krb5 against Sun Crypto Accelerators? (Todd Zino)
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Fri Apr 15 23:33:33 EDT 2005
Henry B. Hotz wrote:
>
> On Mar 11, 2005, at 9:07 AM, krbdev-request at mit.edu wrote:
>
> > Has anyone had any experience trying to build the latest krb5
> > distributions against the Sun crypto accelerator hardware? From
> > reading Sun's whitepapers and sales pitches, I get the impression
> > that all major DES/RSA crypto algorithms are embedded in the
> > hardware, but the only 'supported' software is OpenSSL 0.9.x and
> > Apache 1.3.x (both in outdated incarnations according to the last
> > sales sheets I could find at sun.com).
Henry -
Solaris 10 Kerberos is built to take advantage of the encryption framework
provided by the OS. This means that when hardware accelerators become
available for S10, Solaris 10 Kerberos code will automatically be able
to take advantage of it.
It doesn't matter much for short operations that the KDC performs,
but it might make a significant difference for NFSv4 w/KRB5 security
enabled - or even FTP with KRB5 encryption would be improved
(assuming that the encryption type used was supported on the
crypto accelerator).
-Wyllys
More information about the krbdev
mailing list