[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gss_release_cred(), and memory ccache

Andrew Bartlett <abartlet@samba.org> writes:

> Why does the GSSAPI layer care about what type of ccache it is?  I see
> that the object in-memory is reference counted, so shouldn't that be
> handled inside krb5_cc_close() (which seems to try and clean up some
> memory, but not all...)?

Because the gssapi internally creates mcc:s, and when those are released,
they need to be destroyed. mcc are not killed when refcount gets to 0, they
are stored on a linked list and can be picked up later with
krb5_cc_resolve. The behavior matches the MIT code, if it was up to me, I
wouldn't do it that way, but now it is.

Maybe its time for a new cc type that doesn't have this property, but
rather get kill when refcount gets to 0, that would also solve the problem
with concurrency.


PGP signature