an issue relating to using current MIT krb code in kernel space

Will Fiveash will.fiveash at
Thu Jan 20 16:32:35 EST 2011

I've been looking at newish MIT code and have discovered some changes
from the older 1.6 release that make life more difficult when using this
code for the Solaris krb mech kernel module.  The issue is that in the
Solaris kernel space the function to free memory requires two parameters
(one being the address to free and the other the number of bytes to
free).  In MIT 1.6 krb5_set_default_in_tkt_ktypes() was doing the

    context->in_tkt_ktypes = new_ktypes;
    context->in_tkt_ktype_count = i;

Setting context->in_tkt_ktype_count was useful for the kernel krb mech
because in krb5_free_context() we could do this:

     if (ctx->in_tkt_ktypes) {
          FREE(ctx->in_tkt_ktypes, sizeof(krb5_enctype) *(ctx->in_tkt_ktype_count+1) );
      ctx->in_tkt_ktypes = 0;

(FREE() is a macro that expands to the kernel kmem_free((x), (n)) when
compiling for the kernel).  In the 1.8 MIT code
context->in_tkt_ktype_count has been removed so I either have to add it
back for Solaris or dynamically calculate the number of krb5_enctype
entries there are in context->in_tkt_ktypes before I call

Something to consider when providing code for platforms that provide a
kernel space krb mech like Solaris.

Will Fiveash
Sent using mutt, a sweet, text based e-mail app <>

More information about the krbdev mailing list