context, threads, and both

Ken Raeburn raeburn at MIT.EDU
Tue May 31 23:28:29 EDT 2005

Hi, John.

> 1) I'm writing a persistent program which will be checking taking 
> requests to validate whether or not a principal name and passphrase 
> are valid.  One instance of the program could end up running for 
> months or longer.  Right now, I have it doing 1 context 
> initialization, but since so many other things in Kerberos have 
> life-times, I want to be sure that I won't need to refresh this with a 
> new initialization periodically.  Do I just need the one 
> initialization at start-up, or do I need to re-do that periodically?

If you keep the context around, you should be able to use it 

> 2) I seem to recall that Kerberos libraries are not thread safe.  Is 
> that accurate?  If I decide to multi-thread this program, do I need to 
> wrap the Kerberos calls with mutexes?
> 3) What about the context and each thread?  Does each thread need its 
> own context?  (does the "is or is not thread-safe" aspect depend upon 
> whether or not each thread has its own context?)

That's the idea, yes -- calls can be done in different threads as long 
as they use different contexts.  For simple data types exported in the 
header file, like the principal structure, we don't have any locking, 
so they're only safe to use in multiple threads at once if all of the 
uses only read the structure contents (and yeah, that's not really well 
documented anywhere).


P.S.  This is all assuming you're using a fairly current release.  The 
1.2 series had none of the thread safety support, for example.  Oh, and 
I'm talking about the krb5 and gssapi libraries -- gssrpc hasn't been 
done, and krb4 isn't going to be.

More information about the krbdev mailing list