to what degree is krb5 thread-safe?

Ken Raeburn raeburn at MIT.EDU
Mon Mar 10 15:28:40 EST 2003

Joey Collins <joeycollins at> writes:
> I am using the MIT KRB5 API in a multi-threaded application to manage
> potentially many kerberos sessions/users.  To what degree is the library
> thread safe?

Not very.  The intent is that using one krb5_context per thread -- or
rather, not using a given krb5_context from more than one thread at a
time -- will get you most of the way there.  However, there are a few
bits of shared static data that can get updated, and some per-process
file locking is done in places.  While those could be handled with a
single mutex that gets locked around any krb5 or com_err library
calls, there may also be C library functions called from the krb5 code
that are not thread-safe.

A couple of organizations have expressed interest in fixing this --
specifically, allowing multithreaded programs to use the GSSAPI
library.  Some work is underway, but it won't be done for a little
while.  It will not be included in the 1.3 release, but we hope to
have it incorporated sometime after that.


More information about the krbdev mailing list