Thread-safety in Kerberos libs

Xiaoshan Zuo Xiaoshan.Zuo at datadomain.com
Fri Dec 28 21:55:47 EST 2007


Happy New Year! I guess this would be the first question of the new
year.

I am working on adding Kerberos authentication to a multi-threaded
application. The libraries I am going to use are libkrb4.so.2 and
libgssapi_krb5.so.2. The exact functions I am going to use in a
multi-threaded context are:

gss_verify_mic
gss_get_mic
gss_release_buffer
gss_wrap
gss_unwrap

I am trying to figure out whether those functions are thread-safe. In
the doc/threads.txt file, it says that:

"Any use of krb5_context must be confined to one thread at a time by
the application code."

To find out if those functions use krb5_context, I browsed the code in
src/lib/gssapi/krb5. It looks like some of the above functions use
krb5_context (not sure if they modify anything in krb5_context).
According to the above statement, those functions are not thread-safe.

I also searched the email archive; there are multiple threads on this
subject. In those threads, people blamed some functions in the C library
for causing thread-safety problems; there was no mention of krb5_context.
Do we know whether it is just the C library, or whether the Kerberos
library is not thread-safe by itself?

Even if the Kerberos library is not thread-safe, I can use it as long as
the above functions are thread-safe. I would really appreciate an answer
from people on this list.

Thanks,

Xiaoshan Zuo





