[krbdev.mit.edu #3089] krb5_verify_init_creds() is not thread safe

Jeffrey Altman via RT rt-comment at krbdev.mit.edu
Tue Jun 7 12:27:10 EDT 2005


krb5_verify_init_creds() is not thread safe.  In the case where the
creds provided to krb5_verify_init_creds() do not match the server, a
ccache is constructed with the name "MEMORY:rd_req". This is not thread
safe because all threads will use the same ccache name and will collide.
This can result in either false positives or false negatives.
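
The collision described above, as an added example that is not part of the original report and is not MIT krb5 code: a toy process-wide store keyed by cache name, with two verifications interleaved the way two threads could run them. The helper functions and the unique-name suffixes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a registry of in-memory caches looked up by name. */
struct slot { char name[32]; int valid; };  /* valid: does the stored cred verify? */
static struct slot store[8];
static int nslots;

static struct slot *resolve(const char *name) {
    for (int i = 0; i < nslots; i++)
        if (strcmp(store[i].name, name) == 0) return &store[i];
    if (nslots == 8) return NULL;
    snprintf(store[nslots].name, sizeof store[nslots].name, "%s", name);
    return &store[nslots++];
}

/* Step 1 of a verification: stash the caller's credential under `name`. */
static void stash(const char *name, int cred_valid) {
    struct slot *s = resolve(name);
    if (s) s->valid = cred_valid;
}

/* Step 2: read the credential back and report the verdict (-1 on error). */
static int verdict(const char *name) {
    struct slot *s = resolve(name);
    return s ? s->valid : -1;
}

/* Interleaving: A stashes, B stashes, A reads, B reads.
 * Returns A's verdict in bit 0 and B's verdict in bit 1. */
static int interleave(const char *name_a, const char *name_b,
                      int a_valid, int b_valid) {
    nslots = 0;
    stash(name_a, a_valid);
    stash(name_b, b_valid);
    return verdict(name_a) | (verdict(name_b) << 1);
}

int main(void) {
    /* Constructed input: A's credential is bad (0), B's is good (1). */
    int shared = interleave("MEMORY:rd_req", "MEMORY:rd_req", 0, 1);
    /* Constructed per-call names; the suffix scheme is hypothetical. */
    int unique = interleave("MEMORY:rd_req-1", "MEMORY:rd_req-2", 0, 1);
    printf("shared name:  A=%d B=%d\n", shared & 1, shared >> 1);
    printf("unique names: A=%d B=%d\n", unique & 1, unique >> 1);
    return 0;
}
```

With the shared name, caller A reads back B's credential and gets B's verdict; with a distinct name per call, each caller gets its own.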

