Thread-safe libraries

Ken Hornstein kenh at cmf.nrl.navy.mil
Wed Feb 25 16:06:53 EST 2004


>According to strace ...
>
>1.2.8 app server with named credential - opens an rcache.
>1.3.1 app server with no credential - no evidence of rcache being
>opened.

Hm, regarding my previous note ....

It looks like I was wrong, krb5_rd_req() will get a replay cache even if
the passed-in server is NULL, because it gets the server name from the
ticket.

>wrt to krb5_rd_req - it looks like rcache is obtained only if
>auth_context_flags includes KRB5_AUTH_CONTEXT_DO_TIME.
>
>accept_sec_context clearly sets auth_context with
>KRB5_AUTH_CONTEXT_DO_SEQUENCE.

Looks like the right thing to do here is change accept_sec_context() to
set KRB5_AUTH_CONTEXT_DO_SEQUENCE.

--Ken

