Single-byte I/O for keytab reads

Ken Raeburn raeburn at MIT.EDU
Thu Jun 27 18:05:00 EDT 2002

Ken Hornstein <kenh at> writes:

> So I've noticed during some system call traces that all I/O done on
> credential caches involve read()ing a byte at a time.  I did some research
> on this one, and I believe I've found the culprit.

Yeah, when the ccache performance discussion came up, I recalled
having seen this before.  Yet another bit of bogosity that should be

> I assume the reason this was done was to do the "right" thing when
> writing a new keytab entry, but it makes reading a lot more inefficient.
> Does the use of this still make sense, even for writing a new entry?

I think at least part of the point was to avoid having the keytab data
in a buffer somewhere that we couldn't wipe clean when the keytab was
closed, and thus might just possibly get revealed in a core dump.
Better would be to allocate some buffer space we control, point stdio
at it, and zap it on close.

As long as fseek or fflush is called in reasonable places, I don't
think buffered i/o should be a problem when updating the keytab.


More information about the krbdev mailing list