MEMORY keytabs - how should they be destroyed?

Sam Hartman hartmans at MIT.EDU
Wed Jan 24 12:56:21 EST 2007

I don't have a problem with krb5_kt_destroy() if we conclude that
memory keytabs want to work like memory ccaches and be referenced
through krb5_kt_resolve.

It's not very clear to me.  That seems like an excellent way for a key
to end up being used in an unintended scope.  My recommended
implementation would be for memory keytabs to be created giving you a
keytab handle that you must pass to anyone who can access the key

I'd appreciate comments on this issue especially from people who have
not spoken up.

More information about the krbdev mailing list