rewrite gss_krb5_ccache_name

Stephen Ince since at opendemand.com
Sat Nov 22 13:29:16 EST 2008 

Thx. Not really possible and has other side effects. We need the application 
needs to run as lean as possible. One thread consumes a lot of memory and 
will have to be around for the life of the program. At one point you could 
have 2000 threads and at another point 10 threads. We basically simulate 
browsers and their http connections.

Steve
----- Original Message ----- 
From: "Jeffrey Altman" <jaltman at secure-endpoints.com>
To: "Stephen Ince" <since at opendemand.com>
Cc: "Jeffrey Hutzelman" <jhutz at cmu.edu>; "krbdev" <krbdev at mit.edu>
Sent: Saturday, November 22, 2008 10:54 AM
Subject: Re: rewrite gss_krb5_ccache_name


> You do not need to write this function.   That is not the bug you are
> experiencing.
> The bug is the library's failure to deallocate memory assigned to Thread
> Local Storage.
> You are not using the 'old_name' parameter set to anything other than 
> NULL.
>
> The way to avoid this problem is to redesign your application to use a
> pool of pre-existing worker threads instead of spinning off a new thread
> for each connection and letting it die when the application terminates.
> This solution would also use less CPU.
>
> Jeffrey Altman
>
> Stephen Ince wrote:
>> Is there a work around for this? Can I write my own
>> xgss_krb5_ccache_name? Or can I force a free?
>>
>> ----- Original Message ----- From: "Jeffrey Hutzelman" <jhutz at cmu.edu>
>> To: <jaltman at secure-endpoints.com>
>> Cc: "Stephen Ince" <since at opendemand.com>; "krbdev" <krbdev at mit.edu>;
>> <jhutz at cmu.edu>
>> Sent: Saturday, November 22, 2008 12:13 AM
>> Subject: Re: rewrite gss_krb5_ccache_name
>>
>>
>>> --On Friday, November 21, 2008 11:57:54 PM -0500 Jeffrey Altman
>>> <jaltman at secure-endpoints.com> wrote:
>>>
>>>> Note that there is a second problem with this api.  When a non-NULL
>>>> 'old_name' parameter is provided, it must be freed using the same
>>>> free() as is linked to the gssapi32.dll library.  Unfortunately,
>>>> there is no gss_krb5_free_ccname() function in the API available
>>>> to make sure that this is possible.  As a result, passing anything
>>>> other than NULL as the 'old_name' parameter is dangerous on Windows.
>>>
>>> This is indeed a bug in the API.  The old_name parameter should never
>>> have been a char **; it should have been a gss_buffer_t, which would
>>> have allowed it to be released using gss_release_buffer().
>>>
>>> -- Jeff
>>>
>>
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 1880 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20081122/c6c42e07/attachment.bin

More information about the krbdev mailing list