Regarding Replay cache usage in memory..

Greg Hudson ghudson at MIT.EDU
Tue Mar 23 12:44:52 EDT 2010


On Tue, 2010-03-23 at 01:27 -0400, Prashant Gupta wrote:
> I am using MIT kerberos library for authentication in my project and I am
> seeing performance issue while using default replay cache i.e. dfl. I would
> like to know how can I enable the in memory replay cache.

There is no memory replay cache type; there is only "dfl" (file-based)
and "none".  Your protocol may not need a replay cache (basically, if
the client and the server both contribute fresh elements to each
exchange), in which case "none" may be appropriate.

You can use the "none" rcache type by setting the environment variable
KRB5RCACHETYPE to "none".  I don't see any way to do this
programmatically at present, which is a little surprising to me
(basically, we don't expose krb5_rc_resolve_full, so there's no way to
create a specific type of rcache to use with krb5_auth_con_setrcache or
gss_krb5_set_cred_rcache).





More information about the Kerberos mailing list