Buildilng Krb5 against Sun Crypto Accelerators? (Todd Zino)

Wyllys Ingersoll wyllys.ingersoll at
Fri Apr 15 23:33:33 EDT 2005

Henry B. Hotz wrote:
>  On Mar 11, 2005, at 9:07 AM, krbdev-request at wrote:
> > Has anyone had any experience trying to build the latest krb5
> > distributions against the Sun crypto accelerator hardware? From
> > reading Sun's whitepapers and sales pitches, I get the impression
> > that all major DES/RSA crypto algorithms are embedded in the
> > hardware, but the only 'supported' software is OpenSSL 0.9.x and
> > Apache 1.3.x (both in outdated incarnations according to the last
> > sales sheets I could find at

Henry -
  Solaris 10 Kerberos is built to take advantage of the encryption framework
provided by the OS.   This means that when hardware accelerators become
available for S10, Solaris 10 Kerberos code will automatically be able
to take advantage of it.

   It doesn't matter much for short operations that the KDC performs,
but it might make a significant difference for NFSv4 w/KRB5 security
enabled - or even FTP with KRB5 encryption would be improved
(assuming that the encryption type used was supported on the
crypto accelerator).


More information about the krbdev mailing list