Re: Using GSSAPI without implicit static/global variables

[Sam Hartman <hartmans@mit.edu>]

>>>>> "Andrew" == Andrew Bartlett <abartlet@samba.org> writes:

    Andrew> On Sun, 2005-02-13 at 00:45 +1100, Luke Howard wrote:
    >> >The particular use case I'm worried about is when we have the
    >> client >libraries used in a threaded manner, such that two
    >> different kerberos >principals are being used to contact two
    >> different servers.  It would >seem impossible to do this in a
    >> thread-safe manner, because at the very >least, the ccache is
    >> tied to the gss_krb5_context, and is therefore a >global
    >> variable.  Even without threads, it looks messy to swtich
    >> around >the ccache before all the respective calls.
    >> 
    >> A credentials cache is associated with a GSS credentials
    >> handle, not a context. But it's true that there is no way to
    >> bind a ccache to a cred handle without calling
    >> gss_krb5_ccache_name(), for which calls must be serialized.

    Andrew> Assuming I create new calls that do all the things
    Andrew> required to make this sane, what is the correct forum to
    Andrew> make them 'standard'.  I presume kitten?

krb5-specific calls are probably not a kitten issue.  I think your
best bet there is to copy this list and krbdev@mit.edu.  I don't know
whether you will see convergence; Love and I have different ideas
about API design and I don't know how to resolve that issue.


--Sam