Is MIT kerberos thread safe ??
raeburn at MIT.EDU
Thu Mar 12 12:43:09 EDT 2009
On Mar 12, 2009, at 08:55, Nikhil Mishra wrote:
> As the subject says , Is MIT kerberos thread safe ?
> My device is a high performance network appliance and
> I need to analyze threadsafe-ness of MIT kerberos library.
The 1.6.x releases should be thread-safe provided certain objects are
not shared across threads for simultaneous use, primarily the Kerberos
and GSSAPI context types. Various other objects, especially the
simpler ones like krb5_data and krb5_principal, and most of the
structures exposed in our API, can be shared as long as both uses are
read-only. Some more complex, opaque types like krb5_ccache, and most
if not all internal static data, have internal locking performed
within the libraries, so that they can be used from multiple threads
Unfortunately, we don't have documentation written up on *exactly*
what can be shared across threads and when, but "never share contexts,
and share other stuff only as inputs not outputs" is a good guideline.
And, all the above said, there could of course be bugs; if you run
into anything, we'd like to know.
Depending on the OS, there may also be a few bits where no thread-safe
OS version of some functionality is available. In particular, tty
handling when prompting for passwords is not likely to be thread-safe
-- but if your application is prompting for several passwords
simultaneously, it's probably doing something else wrong.
> I have followed following links from past discussion
> forums :
[... stuff five years old ...]
The thread-safety patches were included in the 1.4 release series, not
too long after those discussions.
More information about the krbdev