is krb5_cc_initialize() thread safe
Olga Kornievskaia
aglo at umich.edu
Thu Feb 20 21:08:13 EST 2025
On Thu, Feb 20, 2025 at 8:52 PM Ken Hornstein <kenh at cmf.nrl.navy.mil> wrote:
>
> >In my testing I've had gssd setup use the "default" ccache type which
> >is FILE. I haven't tried if setting it use_memory (switching to
> >MEMORY) works better. But regardless, gssd needs to do something
> >"better" for the case of FILE credential type and I'm trying to figure
> >out what that should be.
>
> Greg does bring up the larger meta-issue that you're apparantly trying
> to have two threads call krb5_cc_initiualize() on the same FILE
> credential cache; what, exactly, are you trying to accomplish there?
NFS gssd service is multithreaded (has been for a while now). And at
some point we've allowed multiple upcalls for the same UID (leading to
the upcalls looking/working on the same credential cache) and thus the
problem that krb5_cc_initialize() is called by 2 threads. It was
assumed that kerberos libraries are "thread-safe".
>
> --Ken
More information about the krbdev
mailing list