mit-krb5 thread support -- fork safety

Sam Hartman hartmans at MIT.EDU
Tue Apr 20 12:33:42 EDT 2004

>>>>> "Jeffrey" == Jeffrey Altman <jaltman at> writes:

    Jeffrey> Nicolas Williams wrote:
    >> Others could remain valid:
    >> - krb5_principal - krb5_ccache - krb5_keytab
    Jeffrey> I don't think a krb5_ccache object can be safely used
    Jeffrey> after a fork.  The krb5_ccache object is opaque and may
    Jeffrey> refer to data structures or kernel objects which are not
    Jeffrey> inheritable.

I think we're approaching this the wrong way.  What objects do our
applications need us to keep safe after fork?

Once we've decided that, we look at what we need to do in order to
implement that behavior.

It seems clear that if necessary, we could make all krb5 objects safe
after fork.

More information about the krbdev mailing list