Thread-safety in Kerberos libs

Xiaoshan Zuo Xiaoshan.Zuo at
Fri Dec 28 21:55:47 EST 2007

Happy New Year! I guess this would be the first question of the new

I am working on adding Kerberos authentication to a multi-threaded
application. The libraries I am going to use are libkrb4.s0.2 and The exact functions I am going to use in a
multi-threaded context are:


I am trying to figure out whether those functions are thread-safe. In
the doc/threads.txt file, it says that:

"Any use of krb5_context must be confined to one thread at a time by
the application code."

To find out if those functions use krb5_context, I browsed the code in
src/lib/gssapi/krb5. It looks like some of the above functions use
krb5_context (not sure if they modify anything in krb5_context).
According to the above statement, those functions are not thread-safe.

I also searched the email archive, there are multiple threads on this
subject. In those threads, people blamed some functions in C library for
causing thread-safe problem, there was no mention of krb5_context. Do we
know whether it is just C library or Kerberos library is not thread-safe
by itself?

Even Kerberos library is not thread-safe, I can use it as long as the
above functions are thread-safe. I would really appreciate an answer
from people on this list.


Xiaoshan Zuo

More information about the krbdev mailing list