Concurrent access to replay cache

Daniel Kouril kouril at ics.muni.cz
Thu Apr 15 04:21:24 EDT 2004


Hi,
is the replay cache mechanism supposed to work with multiple processes
accessing the same rc_* file at the same time? I've run into problems
working on the Kerberos module for Apache (modauthkerb.sf.net), which
verifies the user's password against the KDC. I use the
krb5_verify_init_creds() call to perform the password verification, but now
and then this call fails, returning a 'Request is a replay' error. I also
wrote a simple stand-alone program calling just this function, and when I
run multiple instances of it at the same time this error can also be seen
from time to time. With this application I also received a few 'Permission
denied in replay cache code' errors. This problem occurs rarely and is hard
to reproduce, so I have no clue what can be wrong (perhaps some race
condition problem in the replay cache code?). I wonder if this problem can
be worked around somehow? One possible (long-term) solution I thought of is
to disable the replay cache checking in the krb5_verify_init_creds() call,
which seems to me unnecessary in any case.

I tested MIT krb5 1.3.{1,3} always with the same result.

thanks for any comments,

--
Daniel

