On Tue, 2005-05-17 at 12:45 +0200, Love Hörnquist Åstrand wrote: > Andrew Bartlett <abartlet@samba.org> writes: > > > Why does the GSSAPI layer care about what type of ccache it is? I see > > that the object in-memory is reference counted, so shouldn't that be > > handled inside krb5_cc_close() (which seems to try and clean up some > > memory, but not all...)? > > Because the gssapi internally creates mcc:s, and when those are released, > they need to be destroyed. mcc are not killed when refcount gets to 0, they > are stored on a linked list and can be picked up later with > krb5_cc_resolve. The behavior matches the MIT code, if it was up to me, I > wouldn't do it that way, but now it is. > > Maybe its time for a new cc type that doesn't have this property, but > rather get kill when refcount gets to 0, that would also solve the problem > with concurrency. Thanks for the explanation - so the keytab type is effectively being used as a flag for 'I need to destroy this'. I'm adding a few more of these, as I experiment with APIs that allow Samba to specify a krb5_context, ccache and the like. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part