Memory Callback support in GSSAPI

Tom Yu tlyu at MIT.EDU
Wed Nov 11 12:30:40 EST 2009


Manoj Mohan <manojm at us.ibm.com> writes:

> In order to ensure that server side code for Single-Sign-On can run on
> multiple processes, I wanted to find out if there are any available APIs to
> register memory callback functions for malloc/realloc/free. Right now I can
> see that when I call functions like gss_acquire_cred/gss_sec_accept_context
> the credential handle will come out of heap/process memory and when the
> thread will migrate to another process it will be invalid.

Would you please explain what sort of cross-process thread migration
is involved?  The gss_export_sec_context and gss_import_sec_context
functions should accomplish most anticipated cross-process migration
of GSS-API state; is there a particular reason you need to migrate a
credential handle?

> If memory callback functions are not there, what is the best way to handle
> this?

Memory callback functions aren't present in the current API.  Are you
considering placing such structures in shared memory or something
similar?

The GSS-API is an IETF standards-track specification; it so happens
that the IETF KITTEN Working Group is contemplating some API
revisions, and we could use some input from application developers and
others who have a desire to improve the API.  The idea of memory
management callback functions is one direction that some KITTEN
Working Group participants have mentioned as a possible improvement.

The Working Group charter is at

    http://www.ietf.org/dyn/wg/charter/kitten-charter.html

and the mailing list archive is at

    http://www.ietf.org/mail-archive/web/kitten/current/maillist.html

Please consider participating in the Working Group by joining its
mailing list; while of course I can relay suggestions that people post
to the Kerberos mailing list/newsgroup, direct participation in the
Working Group is also valuable.

-- 
Tom Yu
Development Team Leader
MIT Kerberos Consortium
(and IETF KITTEN WG co-chair)
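
Added example, not part of the original message or of MIT Kerberos code: gss_export_sec_context returns the context as an opaque length-plus-value buffer, and the C below shows one way to pass such a buffer from an accepting process to a worker over a local socketpair with a bounded length prefix. The GSS-API calls appear only in comments; `send_token`, `recv_token`, `demo_handoff`, `MAX_TOKEN` and the token bytes are assumptions made for illustration.

```c
/* Added example. Token bytes are constructed; real ones come from gss_export_sec_context(). */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_TOKEN 65536u   /* hypothetical cap on accepted token size */
static int xfer(int fd, void *p, size_t n, int wr) {   /* loop over short reads/writes */
    unsigned char *b = p;
    while (n > 0) {
        ssize_t r = wr ? write(fd, b, n) : read(fd, b, n);
        if (r <= 0) return -1;
        b += r; n -= (size_t)r;
    }
    return 0;
}
int send_token(int fd, const void *val, size_t len) {  /* 4-byte length, then value */
    uint32_t be = htonl((uint32_t)len);
    if (len == 0 || len > MAX_TOKEN) return -1;
    return (xfer(fd, &be, sizeof be, 1) || xfer(fd, (void *)val, len, 1)) ? -1 : 0;
}
int recv_token(int fd, unsigned char **val, size_t *len) {
    uint32_t be;
    if (xfer(fd, &be, sizeof be, 0)) return -1;
    *len = ntohl(be);
    if (*len == 0 || *len > MAX_TOKEN) return -1;      /* bound before allocating */
    if (!(*val = malloc(*len))) return -1;
    if (xfer(fd, *val, *len, 0)) { free(*val); *val = NULL; return -1; }
    return 0;
}
int demo_handoff(void) {   /* 0 if the worker received the exact token bytes */
    static const unsigned char tok[] = "constructed-interprocess-token";
    int sv[2], st;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {        /* worker: gss_import_sec_context() takes these bytes */
        unsigned char *got = NULL; size_t n = 0;
        close(sv[0]);
        _exit(recv_token(sv[1], &got, &n) == 0 && n == sizeof tok && !memcmp(got, tok, n) ? 0 : 1);
    }
    close(sv[1]);          /* acceptor: runs after gss_export_sec_context() */
    int rc = send_token(sv[0], tok, sizeof tok);
    close(sv[0]);
    if (waitpid(pid, &st, 0) < 0 || rc) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}
```

RFC 2744 notes that the interprocess token may carry security-sensitive data such as keys and can be imported only once, so the channel should stay local and access-controlled.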


