Semantics of KRB5_TC_OPENCLOSE

Nico Williams nico at
Wed Jan 29 02:37:37 EST 2014

I believe there might be a marginally useful meaning to
KRB5_TC_OPENCLOSE: get a ccache handle, unset this flag, unlink(2) the
file, and now you can keep using that ccache even if the underlying
file cannot be opened.

I don't think that is _actually_ useful, but maybe someone actually
depends on that?  I doubt it, but I'd be curious to know if anyone

Mind you, that semantic can be preserved easily enough while still fixing the
thread-safety issues w.r.t. KRB5_TC_OPENCLOSE: just use dup(2) or
similar in krb5_fcc_start_seq() if there's an open fd in the ccache
handle (else open(2) the file), store that fd in the cursor, and use
that while iterating creds in krb5_fcc_next_cred().
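
The per-cursor file descriptor approach described in the message above, as an added example; it is not part of the original post and is not MIT krb5 code. The `toy_*` names, the 16-byte record format, and the use of pread(2) with a per-cursor offset (descriptors created by dup(2) share one file offset) are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-ins for the ccache handle and cursor, not MIT krb5 types. */
struct toy_ccache { const char *path; int fd; };  /* fd == -1: no fd kept open */
struct toy_cursor { int fd; off_t pos; };

/* Start iterating: dup(2) the handle's fd if it has one, else open(2) the file. */
int toy_start_seq(const struct toy_ccache *cc, struct toy_cursor *cur) {
    cur->fd = (cc->fd >= 0) ? dup(cc->fd) : open(cc->path, O_RDONLY);
    cur->pos = 0;
    return cur->fd >= 0 ? 0 : -1;
}

/* dup(2)'d fds share one file offset, so each cursor keeps its own and uses pread(2). */
int toy_next_cred(struct toy_cursor *cur, char out[16]) {
    if (pread(cur->fd, out, 16, cur->pos) != 16)
        return -1;                      /* end of cache or error */
    cur->pos += 16;
    return 0;
}

void toy_end_seq(struct toy_cursor *cur) { close(cur->fd); cur->fd = -1; }

/* Constructed demo: 3 records, unlink the file, walk it with two interleaved cursors. */
int toy_demo(void) {
    char path[] = "/tmp/toy_ccXXXXXX", rec[16] = {0}, a[16], b[16];
    struct toy_ccache cc = { path, mkstemp(path) };
    struct toy_cursor c1, c2;
    int i, seen = 0;
    if (cc.fd < 0) return -1;
    for (i = 0; i < 3; i++) {
        snprintf(rec, sizeof rec, "cred-%d", i);
        if (write(cc.fd, rec, 16) != 16) return -1;
    }
    unlink(path);                       /* name is gone, the handle's fd is not */
    if (toy_start_seq(&cc, &c1) || toy_start_seq(&cc, &c2)) return -1;
    while (toy_next_cred(&c1, a) == 0 && toy_next_cred(&c2, b) == 0) {
        if (memcmp(a, b, 16) != 0) return -1;   /* cursors must not disturb each other */
        seen++;
    }
    toy_end_seq(&c1); toy_end_seq(&c2); close(cc.fd);
    return seen;                        /* records seen by both cursors */
}

int main(void) { printf("%d\n", toy_demo()); return 0; }
```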