[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Locking the krb5 replay cache

Andrew Bartlett <abartlet@samba.org> writes:

> In my wanderings as a Samba4 developer, I've been trying to remove a
> nasty piece of code that 'locks' the krb5 replay cache.
> My question to the Heimdal list is 'should this be the responsibility of
> the krb5 libs?'.  Currently, as far as I can tell, standard fopen
> ()/fwrite() calls are used to manipulate the krb5 replay cache, but
> nothing is done to tell if there are concurrent writes.  Is this
> correct?

Yes, but the reply cache isn't hooked in default, and unless you do that,
you don't have any problems.

> Is it viable for krb5 to be extended to provide this locking, in a way a
> configure test could pick up (so I can at least conditionally remove
> Samba's locking), and have it consistent with other apps that Samba may
> be sharing with on a system?.

Heimdal should provide its own locking when the reply cache is enabled.


PGP signature