krb5 ccache of MEMORY type

Roman Semenov rasemenov at yahoo.com
Fri Jun 29 15:04:45 EDT 2018


 
Hello Everyone.
I have a question regarding the subject:Is the krb5_ccahe thread safe at all when it's of type MEMORY?
 
Technical Background:Assuming I make a ldap_sasl_bind_interactive() bind to an MS AD Server.That call requires krb5 ccache to contain the TGS ticket required for the bind operation.I have multiple threads to handle the ldap requests. 

In every thread, I do check the cache if it contains the required TGS for the configured principal.If it doesn't, then I authenticate the user again and get a new TGS ticket for ldap service.Of course, every thread creates its own krb5_context to authenticate the user,but all the threads are using the same ccache object.
Everything works fine while krb5 FILE type of ccache is in use. ow I want to improve performance and switch to MEMORY type of ccache. And I start getting my app crashed intermittently.

That makes me think - is the krb5_ccahe thread safe at all when it's of type MEMORY?Should I have a global krb5_context associated with that cache in this scenario?

 
Thank you in advance,Roman


More information about the Kerberos mailing list