[30678] in Kerberos
How to disable replay cache in a kerberized client-server app ?
daemon@ATHENA.MIT.EDU (matthieu)
Tue Feb 3 15:34:34 2009
From: matthieu <matthieu.hautreux@gmail.com>
Date: Tue, 3 Feb 2009 11:48:07 -0800 (PST)
Message-ID: <257842c2-a788-4908-906e-ac30ffd78aa9@r37g2000prr.googlegroups.com>
Mime-Version: 1.0
X-Complaints-To: groups-abuse@google.com
Complaints-To: groups-abuse@google.com
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
I'm currently writing a kerberized daemon and would like to disable
replay cache. I'm using krb5-1.6.1 (RedHat 5.2).
I did not find any relevant function in the API. I finally find the
krb5_rc_resolve_full function in the krb5 source code and use it for
now with a replay cache file name like "none:nofile". It works quite
great. I just have to free the returned krb5_rcache structure manually
to prevent a memory leak.
Is there an other way to do that ? The reason why I have to do this is
that I need to write a scalable deamon and that replay cache mechanism
provides a huge contention in my multithreaded application. I first
searched for a way to use a different replay cache file per thread but
didn't find a way to do it either.
I also have an other question. Is it possible to get an addressless
TGT using a non addressless one. A kind of forward that give you back
an addressless ticket ?
Thank you for your help.
Regards,
Matthieu
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
