to what degree is krb5 thread-safe?
raeburn at MIT.EDU
Mon Mar 10 15:28:40 EST 2003
Joey Collins <joeycollins at charter.net> writes:
> I am using the MIT KRB5 API in a multi-threaded application to manage
> potentially many kerberos sessions/users. To what degree is the library
> thread safe?
Not very. The intent is that using one krb5_context per thread -- or
rather, not using a given krb5_context from more than one thread at a
time -- will get you most of the way there. However, there are a few
bits of shared static data that can get updated, and some per-process
file locking is done in places. While those could be handled with a
single mutex that gets locked around any krb5 or com_err library
calls, there may also be C library functions called from the krb5 code
that are not thread-safe.
A couple of organizations have expressed interest in fixing this --
specifically, allowing multithreaded programs to use the GSSAPI
library. Some work is underway, but it won't be done for a little
while. It will not be included in the 1.3 release, but we hope to
have it incorporated sometime after that.
More information about the krbdev