Re: gss_release_cred(), and memory ccache

[Love Hörnquist Åstrand <lha@kth.se>]

Andrew Bartlett <abartlet@samba.org> writes:

> On Tue, 2005-05-17 at 12:45 +0200, Love Hörnquist Åstrand wrote:
>> Andrew Bartlett <abartlet@samba.org> writes:
>> 
>> > Why does the GSSAPI layer care about what type of ccache it is?  I see
>> > that the object in-memory is reference counted, so shouldn't that be
>> > handled inside krb5_cc_close() (which seems to try and clean up some
>> > memory, but not all...)?
>> 
>> Because the gssapi internally creates mcc:s, and when those are released,
>> they need to be destroyed. mcc are not killed when refcount gets to 0, they
>> are stored on a linked list and can be picked up later with
>> krb5_cc_resolve. The behavior matches the MIT code, if it was up to me, I
>> wouldn't do it that way, but now it is.
>> 
>> Maybe its time for a new cc type that doesn't have this property, but
>> rather get kill when refcount gets to 0, that would also solve the problem
>> with concurrency.
>
> Thanks for the explanation - so the keytab type is effectively being
> used as a flag for 'I need to destroy this'.   I'm adding a few more of
> these, as I experiment with APIs that allow Samba to specify a
> krb5_context, ccache and the like.

s/keytab/cc/, but yes.

Love

PGP signature