GSSAPI contexts used in multiple threads

Jeffrey Altman jaltman at
Wed Mar 5 00:01:59 EST 2008

Ken Raeburn wrote:

> Also, whether replay detection is helpful depends not just on the  
> nature of one protocol in use, but also on what other protocols might  
> be in use using the same service principal at a given site.  One  
> particular IMAP client implementation can't tell whether my server  
> supports some other, poorly-protected protocol for which the same  
> imap/foo service principal is also used, and to which my (sniffed)  
> authenticator could be retransmitted.

This assumes that all processes on the system use the same replay
cache.  Unless an application or krb5.conf explicitly specifies
a replay cache I do not believe that all processes on the system
will use the same rcache.  Instead I believe cache files are allocated
one per process.

At least this is certainly the case when the library is used on

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the krbdev mailing list