[38897] in Kerberos
Re: Concurrency issues with FILE ccache
daemon@ATHENA.MIT.EDU (Osipov, Michael (LDA IT PLM))
Tue Apr 6 14:38:20 2021
To: Greg Hudson <ghudson@mit.edu>, <kerberos@mit.edu>
From: "Osipov, Michael (LDA IT PLM)" <michael.osipov@siemens.com>
Message-ID: <9484b630-e7bd-0fe5-911e-c152fd449e50@siemens.com>
Date: Tue, 6 Apr 2021 20:35:22 +0200
MIME-Version: 1.0
In-Reply-To: <87bb255b-0092-6e72-bd43-3d35149dac82@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Am 2021-04-06 um 19:28 schrieb Greg Hudson:
> On 4/6/21 11:48 AM, Osipov, Michael (LDA IT PLM) wrote:
>> gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (100001): Failed to store credentials: Internal credentials cache error (filename: /tmp/krb5cc_1000)
>
> This is not expected, and bears investigation. It suggests an EINVAL,
> EEXIST, EFAULT, EBADF, or EWOULDBLOCK error from one of the I/O
> operations performed by fcc_store(), none of which are expected. If
> you're building libkrb5, you could try modifying interpret_error() to
> pass those error codes through in order to find out which one is happening.
>
> Getting multiple cache entries for a service is normal when multiple
> threads or processes initiate contexts to the same (new) service within
> a short window.
Note that this is only on MIT Kerberos 1.17 on Debian. I will first try
to compile 1.19.1 and test that. Let me get back to you in a couple of days.
Would it be sufficient to printf()
> ret = interpret_errno(context, errno);
reat and errno to std stream?
Using acquire_cred_from() seems to work on Debian, but I also see a
little overhead (< 5 %).
Do you know of the top of your head whether there have been any
concurrency fixes in this regard after 1.17?
M
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
