[19563] in Kerberos
no file locking used when reading/writing replay cache?
daemon@ATHENA.MIT.EDU (Cesar Garcia)
Sat Jul 12 18:15:10 2003
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <16144.33827.362156.337126@limus.ms.com>
Date: Sat, 12 Jul 2003 17:56:51 -0400
From: Cesar Garcia <Cesar.Garcia@morganstanley.com>
To: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
short:
There does not appear to be use of file locks when reading/writing to
replay cache files.
long:
We are implementing gss authentication via client and server side
security exits invoked by a vendor application. The application is
both multi-processed and multi-threaded. We have applied various
patches in order to get this code to run cleanly under Purify and use
a mutex in both the client and server side to serialize the entire
sequence of gss calls (within a single process only, of course).
Under extremely high load (note this involves multiple app-server
processes), we are getting SEGVs in our security exit. Unfortunately
the vendor product catches SEGV, so getting a core, stack trace, etc,
will involve some work.
In the mean time, I noticed that there is no use of file locking when
reading/writing to the replay cache. Unfortunately, I also don't have
copy of the replay cache file for us to examine. I wish I had more to
work with - I'm working with the application team to get better data.
However, even if this is not the cause of the problem we saw, I
thought it might be worth raising this issue.
Any insight would be appreciated.
Thanks,
Cesar
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
