Detecting user cancel in gss_init_sec_context

Ken Raeburn raeburn at MIT.EDU
Thu Sep 25 16:30:08 EDT 2003

Miro Jurisic <meeroh at> writes:
>>> I would like there to be an error which unambiguously indicates
>>> that a krb5 call failed because the user cancelled
>>There is no plan for this sort of enhancement.
> Given that krb5 is still (as far as I know) not thread safe, I'd
> imagine it behooves you to allow the user to cancel any lengthy
> Kerberos operation (not just the login dialog), but I assume you will

I think this would be desirable, even once the library is thread-safe.

In fact, one of the implementation recommendations in the AES spec is
that the key calculation (which runs a hash function some number of
times specified by a message from the KDC, which could be spoofed) be
interruptible by users if appropriate.  Just how that would be
implemented, and noticed by code buried in the crypto library, I

> tell me this is also an enhancement that won't see the light of day
> any time soon.

I suspect it won't be high on our priority list any time soon.
But if someone proposed a good design and gave us good, clean patches,
who knows.... (hint, hint :-)


More information about the krbdev mailing list