[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is Heimdal thread safe?

Alexey Melnikov <Alexey.Melnikov@MessagingDirect.com> writes:

> Does anybody have any information whether Heimdal is thread-safe?

We haven't done anything special to make it thread safe. There are,
however, few global variables and such, so it wouldn't be very hard to
add locks where necessary.

It would probably be possible to have several threads sharing one
context (but with separate auth_contexts).

Unfortunately the C bindings for GSS-API are not really thread safe in
the first place, so making a thread safe library without a global lock
would not be easy.

Take gss_compare_name for instance:

  gss_compare_name (OM_uint32 * minor_status,
                    const gss_name_t name1,
                    const gss_name_t name2,
                    int * name_equal);

It's a very simple function that just compares two names, and tells
whether they are equal. But if you need more that just the names
themselves to do this, you're smoked. In the Heimdal case you need a
krb5_context, and the only way to inject a krb5_context in this API is
via a global variable.