[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gss_release_cred(), and memory ccache

To: Andrew Bartlett <abartlet@samba.org>
Subject: Re: gss_release_cred(), and memory ccache
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Tue, 17 May 2005 12:45:18 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: <1116298065.7925.89.camel@amy.samba4.abartlet.net> (AndrewBartlett's message of "Tue, 17 May 2005 12:47:45 +1000")
References: <1116298065.7925.89.camel@amy.samba4.abartlet.net>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (berkeley-unix)

Andrew Bartlett <abartlet@samba.org> writes:

> Why does the GSSAPI layer care about what type of ccache it is?  I see
> that the object in-memory is reference counted, so shouldn't that be
> handled inside krb5_cc_close() (which seems to try and clean up some
> memory, but not all...)?

Because the gssapi internally creates mcc:s, and when those are released,
they need to be destroyed. mcc are not killed when refcount gets to 0, they
are stored on a linked list and can be picked up later with
krb5_cc_resolve. The behavior matches the MIT code, if it was up to me, I
wouldn't do it that way, but now it is.

Maybe its time for a new cc type that doesn't have this property, but
rather get kill when refcount gets to 0, that would also solve the problem
with concurrency.

Love

PGP signature

Follow-Ups:
- Re: gss_release_cred(), and memory ccache
  - From: Andrew Bartlett <abartlet@samba.org>

References:
- gss_release_cred(), and memory ccache
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: Re: Current ideas on kerberos requirements for Samba4
Next by Date: Re: heimdal 0.6.4 ftpd crash
Prev by thread: gss_release_cred(), and memory ccache
Next by thread: Re: gss_release_cred(), and memory ccache
Index(es):
- Date
- Thread