How to disable replay cache in a kerberized client-server app ?
matthieu
matthieu.hautreux at gmail.com
Tue Feb 3 14:48:07 EST 2009
Hi,
I'm currently writing a kerberized daemon and would like to disable
replay cache. I'm using krb5-1.6.1 (RedHat 5.2).
I did not find any relevant function in the API. I finally find the
krb5_rc_resolve_full function in the krb5 source code and use it for
now with a replay cache file name like "none:nofile". It works quite
great. I just have to free the returned krb5_rcache structure manually
to prevent a memory leak.
Is there an other way to do that ? The reason why I have to do this is
that I need to write a scalable deamon and that replay cache mechanism
provides a huge contention in my multithreaded application. I first
searched for a way to use a different replay cache file per thread but
didn't find a way to do it either.
I also have an other question. Is it possible to get an addressless
TGT using a non addressless one. A kind of forward that give you back
an addressless ticket ?
Thank you for your help.
Regards,
Matthieu
More information about the Kerberos
mailing list