
Re: gss_release_cred(), and memory ccache

On Tue, 2005-05-17 at 12:45 +0200, Love Hörnquist Åstrand wrote:
> Andrew Bartlett <abartlet@samba.org> writes:
> > Why does the GSSAPI layer care about what type of ccache it is?  I see
> > that the object in-memory is reference counted, so shouldn't that be
> > handled inside krb5_cc_close() (which seems to try and clean up some
> > memory, but not all...)?
> Because the gssapi internally creates mcc:s, and when those are released,
> they need to be destroyed. mcc are not killed when refcount gets to 0, they
> are stored on a linked list and can be picked up later with
> krb5_cc_resolve. The behavior matches the MIT code, if it was up to me, I
> wouldn't do it that way, but now it is.
> Maybe it's time for a new cc type that doesn't have this property, but
> rather gets killed when refcount gets to 0, that would also solve the problem
> with concurrency.

Thanks for the explanation - so the keytab type is effectively being
used as a flag for 'I need to destroy this'.   I'm adding a few more of
these, as I experiment with APIs that allow Samba to specify a
krb5_context, ccache and the like.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
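
The cache lifetime described in the quoted reply, as an added example that is not part of the original message and is not Heimdal or MIT code: a simplified C model in which closing a memory cache leaves it on the list and resolvable by name, and only an explicit destroy removes it. The struct mcc type and the mcc_* functions are hypothetical stand-ins for krb5_cc_resolve, krb5_cc_close and krb5_cc_destroy.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model (an assumption, not library source): named in-memory
 * caches live on a global list, as the reply above describes. */
struct mcc {
    char name[32];
    char secret[32];      /* stands in for stored credentials */
    int refcnt;
    int dead;             /* set once the cache has been destroyed */
    struct mcc *next;
};
static struct mcc *mcc_head;

/* Like krb5_cc_resolve: return the named cache, creating it if absent. */
struct mcc *mcc_resolve(const char *name) {
    struct mcc *m;
    for (m = mcc_head; m; m = m->next)
        if (strcmp(m->name, name) == 0) { m->refcnt++; return m; }
    m = calloc(1, sizeof(*m));
    if (!m) return NULL;
    strncpy(m->name, name, sizeof(m->name) - 1);
    m->refcnt = 1;
    m->next = mcc_head;
    mcc_head = m;
    return m;
}

/* Like krb5_cc_close: drop a reference; a live cache stays on the list. */
void mcc_close(struct mcc *m) {
    if (--m->refcnt == 0 && m->dead) free(m);
}

/* Like krb5_cc_destroy: unlink, wipe, then drop the caller's reference.
 * Real code needs a wipe the compiler cannot elide. */
void mcc_destroy(struct mcc *m) {
    struct mcc **pp;
    for (pp = &mcc_head; *pp; pp = &(*pp)->next)
        if (*pp == m) { *pp = m->next; break; }
    memset(m->secret, 0, sizeof(m->secret));
    m->dead = 1;
    mcc_close(m);
}

/* Number of caches still reachable by name. */
int mcc_count(void) {
    int n = 0;
    for (struct mcc *m = mcc_head; m; m = m->next) n++;
    return n;
}
```

A caller that creates such a cache internally and only closes it leaves the stored credentials in process memory under a resolvable name, which is why the creator has to track that it owes a destroy.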
