Concurrency issues with FILE ccache
Osipov, Michael (LDA IT PLM)
michael.osipov at siemens.com
Tue Apr 6 14:35:22 EDT 2021
Am 2021-04-06 um 19:28 schrieb Greg Hudson:
> On 4/6/21 11:48 AM, Osipov, Michael (LDA IT PLM) wrote:
>> gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (100001): Failed to store credentials: Internal credentials cache error (filename: /tmp/krb5cc_1000)
>
> This is not expected, and bears investigation. It suggests an EINVAL,
> EEXIST, EFAULT, EBADF, or EWOULDBLOCK error from one of the I/O
> operations performed by fcc_store(), none of which are expected. If
> you're building libkrb5, you could try modifying interpret_error() to
> pass those error codes through in order to find out which one is happening.
>
> Getting multiple cache entries for a service is normal when multiple
> threads or processes initiate contexts to the same (new) service within
> a short window.
Note that this is only on MIT Kerberos 1.17 on Debian. I will first try
to compile 1.19.1 and test that. Let me get back to you in a couple of days.
Would it be sufficient to printf()
> ret = interpret_errno(context, errno);
reat and errno to std stream?
Using acquire_cred_from() seems to work on Debian, but I also see a
little overhead (< 5 %).
Do you know of the top of your head whether there have been any
concurrency fixes in this regard after 1.17?
M
More information about the Kerberos
mailing list