Concurrency issues with FILE ccache

Osipov, Michael (LDA IT PLM) michael.osipov at siemens.com
Tue Apr 6 14:35:22 EDT 2021


Am 2021-04-06 um 19:28 schrieb Greg Hudson:
> On 4/6/21 11:48 AM, Osipov, Michael (LDA IT PLM) wrote:
>> gssapi.raw.misc.GSSError: Major (851968): Unspecified GSS failure.  Minor code may provide more information, Minor (100001): Failed to store credentials: Internal credentials cache error (filename: /tmp/krb5cc_1000)
> 
> This is not expected, and bears investigation.  It suggests an EINVAL,
> EEXIST, EFAULT, EBADF, or EWOULDBLOCK error from one of the I/O
> operations performed by fcc_store(), none of which are expected.  If
> you're building libkrb5, you could try modifying interpret_error() to
> pass those error codes through in order to find out which one is happening.
> 
> Getting multiple cache entries for a service is normal when multiple
> threads or processes initiate contexts to the same (new) service within
> a short window.

Note that this is only on MIT Kerberos 1.17 on Debian. I will first try 
to compile 1.19.1 and test that. Let me get back to you in a couple of days.
Would it be sufficient to printf()
 > ret = interpret_errno(context, errno);
reat and errno to std stream?

Using acquire_cred_from() seems to work on Debian, but I also see a 
little overhead (< 5 %).

Do you know of the top of your head whether there have been any 
concurrency fixes in this regard after 1.17?

M


More information about the Kerberos mailing list