[20526] in Kerberos_V5_Development
Re: is krb5_cc_initialize() thread safe
daemon@ATHENA.MIT.EDU (Olga Kornievskaia)
Thu Feb 20 22:36:24 2025
In-Reply-To: <202502210152.51L1qn3g003960@hedwig.cmf.nrl.navy.mil>
From: Olga Kornievskaia <aglo@umich.edu>
Date: Thu, 20 Feb 2025 21:08:13 -0500
Message-ID: <CAN-5tyF+RQjCdqHbg_kuv7L53_kRufmQMv5gUr2ji1QcmdVQyg@mail.gmail.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krbdev@mit.edu
On Thu, Feb 20, 2025 at 8:52 PM Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
>
> >In my testing I've had gssd setup use the "default" ccache type which
> >is FILE. I haven't tried if setting it use_memory (switching to
> >MEMORY) works better. But regardless, gssd needs to do something
> >"better" for the case of FILE credential type and I'm trying to figure
> >out what that should be.
>
> Greg does bring up the larger meta-issue that you're apparently trying
> to have two threads call krb5_cc_initialize() on the same FILE
> credential cache; what, exactly, are you trying to accomplish there?
NFS gssd service is multithreaded (has been for a while now). And at
some point we've allowed multiple upcalls for the same UID (leading to
the upcalls looking/working on the same credential cache) and thus the
problem that krb5_cc_initialize() is called by 2 threads. It was
assumed that Kerberos libraries are "thread-safe".
>
> --Ken
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev