[20527] in Kerberos_V5_Development
Re: is krb5_cc_initialize() thread safe
daemon@ATHENA.MIT.EDU (Olga Kornievskaia)
Sat Feb 22 02:00:09 2025
MIME-Version: 1.0
In-Reply-To: <202502210325.51L3PdlO004564@hedwig.cmf.nrl.navy.mil>
From: Olga Kornievskaia <aglo@umich.edu>
Date: Fri, 21 Feb 2025 09:47:26 -0500
Message-ID: <CAN-5tyHijHfBnz9z6ahvQHNU0uW=H+rpyeUCUA4TB4eG0BkrHg@mail.gmail.com>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, Feb 20, 2025 at 10:25 PM Ken Hornstein <kenh@cmf.nrl.navy.mil> wrote:
>
> >> Greg does bring up the larger meta-issue that you're apparantly trying
> >> to have two threads call krb5_cc_initiualize() on the same FILE
> >> credential cache; what, exactly, are you trying to accomplish there?
> >
> >NFS gssd service is multithreaded (has been for a while now). And at
> >some point we've allowed multiple upcalls for the same UID (leading to
> >the upcalls looking/working on the same credential cache) and thus the
> >problem that krb5_cc_initialize() is called by 2 threads. It was
> >assumed that kerberos libraries are "thread-safe".
>
> I think you're missing Greg's point; krb5_cc_initialize() wipes out the
> credential cache completely and makes it non-usable. That's what he
> meant by it being thread safe but not concurrency safe. If one upcall
> stored credentials another thread would wipe those out with a call to
> krb5_cc_initialize(). I'm unclear what exactly you expect to happen
> in this situation.
Imagine if there are 2 parallel kinit's. It doesn't matter that the
2nd one will wipe out the creds, there will be a set of creds in the
end.
I expect to krb5_cc_intiialize() to not fail. Yes I can see that some
conditions (such as memory allocation failure) can lead to one thread
successfully completing while the other will fail. But what memory
issues are not in play here.
>
> --Ken
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
