k5start -K and ticket renewals
Nico Williams
nico at cryptonector.com
Tue Jan 28 13:25:05 EST 2014
On Tue, Jan 28, 2014 at 5:10 AM, <moritz.willers at ubs.com> wrote:
> If the behaviour is changing and k5start refresh the ticket more
> regularly, then the updating of the CC must always be atomic. If I
> remember correctly, this is right now only the case if -o, -g or -m are
> specified.
As to atomicity... the FILE ccache currently depends on POSIX file
locking at least for additions of tickets, and this is a disaster
because POSIX file locking is a disaster (because of its drop locks on
first close semantics). But yes, *renewal* and refresh should always
result in a rename(2) into place, which should be atomic.
Nico
--
More information about the Kerberos
mailing list