no file locking used when reading/writing replay cache?

Cesar Garcia Cesar.Garcia at morganstanley.com
Sat Jul 12 17:56:51 EDT 2003


short:

There does not appear to be use of file locks when reading/writing to
replay cache files.

long:

We are implementing gss authentication via client and server side
security exits invoked by a vendor application. The application is
both multi-processed and multi-threaded. We have applied various
patches in order to get this code to run cleanly under Purify and use
a mutex in both the client and server side to serialize the entire
sequence of gss calls (within a single process only, of course).

Under extremely high load (note this involves multiple app-server
processes), we are getting SEGVs in our security exit. Unfortunately
the vendor product catches SEGV, so getting a core, stack trace, etc.,
will involve some work.

In the meantime, I noticed that there is no use of file locking when
reading/writing to the replay cache. Unfortunately, I also don't have
a copy of the replay cache file for us to examine. I wish I had more to
work with - I'm working with the application team to get better data.
However, even if this is not the cause of the problem we saw, I
thought it might be worth raising this issue.

Any insight would be appreciated.

Thanks,
Cesar
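
The post contrasts a mutex that serializes calls within one process with the cross-process file locking it found missing. As an added example (not MIT Kerberos code and not part of the original post), the C code below serializes multi-step appends to a shared file across forked writers with POSIX fcntl advisory locks and then checks that no record was torn; the record layout, BODY and the rc_* function names are hypothetical.

```c
#include <fcntl.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define BODY 60  /* constructed record: int writer id + 60-byte body of one letter */
/* Take (F_WRLCK/F_RDLCK) a blocking whole-file advisory lock on fd. */
static int rc_lock(int fd, short type) {
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0 };
    return fcntl(fd, F_SETLKW, &fl);
}

/* Append one record in two write() calls; the lock keeps the pair contiguous. */
int rc_append(const char *path, int id) {
    char body[BODY];
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (fd < 0) return -1;
    memset(body, 'A' + id % 26, BODY);
    int ok = rc_lock(fd, F_WRLCK) == 0 && write(fd, &id, sizeof id) == (ssize_t)sizeof id
          && write(fd, body, BODY) == BODY;
    close(fd);  /* closing the descriptor also releases this process's lock */
    return ok ? 0 : -1;
}

/* Count records under a read lock; -1 if any record is torn or interleaved. */
int rc_verify(const char *path) {
    char body[BODY], want[BODY];
    int id = 0, n = 0, fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (rc_lock(fd, F_RDLCK) != 0) n = -1;
    for (ssize_t k; n >= 0 && (k = read(fd, &id, sizeof id)) > 0; ) {
        int torn = k != (ssize_t)sizeof id || read(fd, body, BODY) != BODY;
        memset(want, 'A' + id % 26, BODY);
        n = (torn || memcmp(body, want, BODY) != 0) ? -1 : n + 1;
    }
    close(fd);
    return n;
}

/* Fork nproc writers appending nrec records each; return the intact record count
   (a failed fork shows up as a short count). */
int rc_stress(const char *path, int nproc, int nrec) {
    int st, bad = 0;
    unlink(path);
    for (int p = 0; p < nproc; p++)
        if (fork() == 0) {
            for (int r = 0; r < nrec; r++) if (rc_append(path, p) != 0) _exit(1);
            _exit(0);
        }
    while (wait(&st) > 0) if (!WIFEXITED(st) || WEXITSTATUS(st) != 0) bad = 1;
    return bad ? -1 : rc_verify(path);
}
```

fcntl locks belong to the process rather than the thread, so a multi-threaded writer still needs its own mutex around these calls, and closing any descriptor for the file drops the process's lock.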

