MEMORY keytabs - how should they be destroyed?

Jeffrey Hutzelman jhutz at
Fri Jan 26 09:17:34 EST 2007

On Fri, 26 Jan 2007, Jeffrey Altman wrote:

> Nicolas Williams wrote:
> > On Thu, Jan 25, 2007 at 08:48:42AM +0100, Jeffrey Altman wrote:
> >> I wonder if it should take a flag indicating whether the keytab should
> >> have the automatic destroy when refcount hits zero behavior.
> >
> > That implies a function to take references.
> In the current Heimdal implementation the krb5_kt_resolve function
> obtains a reference and the reference is removed when the krb5_kt_close
> function is called.

Right; you get a reference on resolve and lose it on close.  There has to
be a certain amount of refcounting in any case -- destroying a keytab
while someone else is using it might reasonably make its contents
unavailable, but should not cause the other user's pointers to become

However, Nico is right - if memory keytabs were not reachable by
krb5_kt_resolve, then you'd need a way to take references on a keytab
handle.  In fact, that strikes me as a good idea in any case, though I
don't see an immediate need.

-- Jeff

More information about the krbdev mailing list