[31683] in Kerberos
Re: Memory Callback support in GSSAPI
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Nov 11 12:31:05 2009
To: Manoj Mohan <manojm@us.ibm.com>
From: Tom Yu <tlyu@MIT.EDU>
Date: Wed, 11 Nov 2009 12:30:40 -0500
In-Reply-To: <OF14F5345B.9B959B7B-ON8725766B.0057630E-8625766B.005A2494@us.ibm.com>
(Manoj Mohan's message of "Wed, 11 Nov 2009 11:24:22 -0500")
Message-ID: <ldvaayt7yv3.fsf@cathode-dark-space.mit.edu>
Cc: "kerberos@mit.edu" <kerberos@MIT.EDU>
Manoj Mohan <manojm@us.ibm.com> writes:
> In order to ensure that server side code for Single-Sign-On can run on
> multiple processes, I wanted to find out if there are any available APIs to
> register memory callback functions for malloc/realloc/free. Right now I can
> see that when I call functions like gss_acquire_cred/gss_sec_accept_context
> the credential handle will come out of heap/process memory and when the
> thread will migrate to another process it will be invalid.

Would you please explain what sort of cross-process thread migration
is involved? The gss_export_sec_context and gss_import_sec_context
functions should accomplish most anticipated cross-process migration
of GSS-API state; is there a particular reason you need to migrate a
credential handle?

> If memory callback functions are not there.. what is the best way to handle
> this?

Memory callback functions aren't present in the current API. Are you
considering placing such structures in shared memory or something
similar?

The GSS-API is an IETF standards-track specification; it so happens
that the IETF KITTEN Working Group is contemplating some API
revisions, and we could use some input from application developers and
others who have a desire to improve the API. The idea of memory
management callback functions is one direction that some KITTEN
Working Group participants have mentioned as a possible improvement.

The Working Group charter is at

    http://www.ietf.org/dyn/wg/charter/kitten-charter.html

and the mailing list archive is at

    http://www.ietf.org/mail-archive/web/kitten/current/maillist.html

Please consider participating in the Working Group by joining its
mailing list; while of course I can relay suggestions that people post
to the Kerberos mailing list/newsgroup, direct participation in the
Working Group is also valuable.

--
Tom Yu
Development Team Leader
MIT Kerberos Consortium
(and IETF KITTEN WG co-chair)