Creating GSSAPI initiate credential using keytab entry

Greg Hudson ghudson at MIT.EDU
Wed Mar 10 10:15:37 EST 2010


On Wed, 2010-03-10 at 05:28 -0500, Richard Evans wrote:
> However I found that if I destroyed the cache and freed the context before the gss_init_sec_context call, I
> got a segfault:

I am actually not sure why you're getting a seg fault (valgrind might
help), but you shouldn't be destroying the memory ccache before calling
gss_init_sec_context.

You can think of memory ccaches as being like files living in a single
directory, except that the directory lives in process memory as a
mutex-protected linked list instead of living in the filesystem.  If you
have a reference to a memory ccache, you can either close it with
krb5_cc_close() to release the reference, or you can use
krb5_cc_destroy() to destroy the cache itself and the reference along
with it.

Since you presumably don't want the cache to stick around forever after
your GSS operation, the simplest thing to do is to hold onto the
reference until after the GSS operation and then krb5_cc_destroy() it.
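
The close-versus-destroy distinction described above, as a small stand-alone C model added here (it is not code from the original message or from MIT krb5). The `model_*` names, the struct layout and the -1 "not found" result are assumptions made for illustration; the real library's lookup behaviour may differ.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (hypothetical names, not libkrb5 code): the "directory"
 * of memory caches is a mutex-protected linked list of named entries. */
struct cache { char name[32]; int ncreds; struct cache *next; };
struct handle { struct cache *c; };   /* a reference to one cache */
static struct cache *dir_head;
static pthread_mutex_t dir_lock = PTHREAD_MUTEX_INITIALIZER;

/* Create a named cache holding ncreds credentials; return a reference. */
struct handle *model_new(const char *name, int ncreds) {
    struct handle *h = malloc(sizeof(*h));
    struct cache *c = calloc(1, sizeof(*c));
    if (!h || !c) { free(h); free(c); return NULL; }
    strncpy(c->name, name, sizeof(c->name) - 1);
    c->ncreds = ncreds;
    h->c = c;
    pthread_mutex_lock(&dir_lock);
    c->next = dir_head; dir_head = c;
    pthread_mutex_unlock(&dir_lock);
    return h;
}

/* Counterpart of krb5_cc_close(): drop the reference, cache stays listed. */
void model_close(struct handle *h) { free(h); }

/* Counterpart of krb5_cc_destroy(): unlink and free the cache and reference. */
void model_destroy(struct handle *h) {
    struct cache **pp;
    pthread_mutex_lock(&dir_lock);
    for (pp = &dir_head; *pp != NULL; pp = &(*pp)->next)
        if (*pp == h->c) { *pp = h->c->next; break; }
    pthread_mutex_unlock(&dir_lock);
    free(h->c);
    free(h);
}

/* What a later lookup by name finds: credential count, or -1 if gone. */
int model_lookup(const char *name) {
    struct cache *c;
    int n = -1;
    pthread_mutex_lock(&dir_lock);
    for (c = dir_head; c != NULL; c = c->next)
        if (strcmp(c->name, name) == 0) n = c->ncreds;
    pthread_mutex_unlock(&dir_lock);
    return n;
}
```

In this model a closed cache is still found by name and keeps its credentials in process memory, while a destroyed one is no longer there for any later lookup.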
