mit-krb5 thread support -- fork safety

Jeffrey Altman jaltman at
Mon Apr 19 16:38:14 EDT 2004

Nicolas Williams wrote:

>   Others could remain valid:
>    - krb5_principal
>    - krb5_ccache
>    - krb5_keytab
I don't think a krb5_ccache object can be safely used after
a fork.  The krb5_ccache object is opaque and may refer to
data structures or kernel objects which are not inheritable.

Depending on how the krb5_keytab is implemented on a given
system the same could be true. 

The only items which I believe are safe to maintain are the
names of the principal, ccache and keytab.  The child process
should be required to obtain new access to the objects in
order to ensure that reference counting is properly maintained.

- Jeffrey Altman

More information about the krbdev mailing list