How is an application supposed to know if a Kerberos library isthread safe?

Nicolas Williams Nicolas.Williams at
Mon Dec 20 13:10:28 EST 2004

On Mon, Dec 20, 2004 at 12:30:14PM -0500, Jeffrey Altman wrote:
> Jeffrey Altman wrote:
> So far the only comment I have received is that 
> gss_krb5_is_thread_safe() should not take an argument.  Therefore, the 
> revised proposal is:
>   krb5_boolean KRB5_CALLCONV krb5_is_thread_safe(krb5_context context);
>   OM_uint32 KRB5_CALLCONV gss_krb5_is_thread_safe(void);
> Heimdal has agreed to add these functions when MIT does.
> Any other opinions?  Does anyone object?  If not, I will add them today.

Actually, I think the GSS interface should be:

OM_uint32 gss_inquire_mech_thread_safety(OM_uint32 *minor, gss_OID mech,
					 OM_uint32 *is_thread_safe);

This gets the "krb5" out of the function name and helps those of us who
have mechs other than Kerberos V.

I'd like us to figure out how to use the gss namespaces for extensions
(I'm working on the IANA I-D), but there should be no need to wait for
that -- we can grandfather anything that ultimately doesn't fit any
allocation rules.


More information about the krbdev mailing list