MEMORY keytabs - how should they be destroyed?
jhutz at cmu.edu
Fri Jan 26 09:17:34 EST 2007
On Fri, 26 Jan 2007, Jeffrey Altman wrote:
> Nicolas Williams wrote:
> > On Thu, Jan 25, 2007 at 08:48:42AM +0100, Jeffrey Altman wrote:
> >> I wonder if it should take a flag indicating whether the keytab should
> >> have the automatic destroy when refcount hits zero behavior.
> > That implies a function to take references.
> In the current Heimdal implementation the krb5_kt_resolve function
> obtains a reference and the reference is removed when the krb5_kt_close
> function is called.
Right; you get a reference on resolve and lose it on close. There has to
be a certain amount of refcounting in any case -- destroying a keytab
while someone else is using it might reasonably make its contents
unavailable, but should not cause the other user's pointers to become
However, Nico is right - if memory keytabs were not reachable by
krb5_kt_resolve, then you'd need a way to take references on a keytab
handle. In fact, that strikes me as a good idea in any case, though I
don't see an immediate need.
More information about the krbdev