Question about krb5_fcc_(destroy vs. close)

Peter Shoults peter.shoults at
Wed Aug 11 11:46:21 EDT 2010


I am looking into a memory leak issue in Kerberos, and in the process of
investigation, I ran into the routines krb5_fcc_(close & destroy).  It
turns out a routine in our code on error at times calls krb5_fcc_close
and at other times it calls krb5_fcc_destroy.  I am trying to understand
the differences between these routines.   I looked in our man pages, and
online documentation, and the only real reference I found was an HP site.

The verbage for both of these is exactly the same (except for one word):

"This routine (closes destroys) the credentials cache id, invalidates
id, andreleases id and any other resources acquired during use of
thecredentials cache. It requires that id identifies a valid
credentialscache. After return, id must not be used unless it is first
reinitialized using krb5_cc_resolve or krb5_cc_gen_new."

It does not appear that either of these routines do all of this. Destroy
looks like it clears things out completely, but does not free, close
looks like it disassociates things, and free, but does not clear things
out.  As a follow on, I am confused why we would have two routines that
appear to do exactly the same thing.


More information about the krbdev mailing list