[5307] in Kerberos
Re: krb5_recvauth()
daemon@ATHENA.MIT.EDU (Ed Phillips)
Thu Jun 1 11:45:35 1995
Date: Thu, 1 Jun 1995 11:30:00 -0400 (EDT)
From: Ed Phillips <flaregun@udel.edu>
To: "Theodore Ts'o" <tytso@MIT.EDU>
Cc: kerberos@MIT.EDU
In-Reply-To: <9506010422.AA14749@dcl.MIT.EDU>
On Thu, 1 Jun 1995, Theodore Ts'o wrote:
> No, the replay cache *shouldn't be part of the krb5_context, because an
> application may be accepting authentications as multiple services, and
> you need a separate replay cache for each server principal.
> Furthermore, you do have to keep the reply cache in disk, because
> multiple processes may need to access the same reply cache
> simultaneously. So the requirement to load in the entire rcache, add
> entries to it, and saving it back, is always going to be a requirement.
> That's why you need to do file locking on the rcache.
So, for a simple server, using one service principal, just doing
krb5_recvauth(), you really should initialize your own rcache. Then when
a new connection comes in, you can call krb5_auth_con_init(), and call
krb5_auth_con_setrache() to point the in memory rcache. The real dilemma
is, if you call krb5_auth_con_setrcache(), should calling
krb5_auth_con_free() close the rcache, or just free the pointer to it in
the auth context? If I explcitly call krb5_auth_con_setrcache(), then one
would expect that I will close it when I want to, not expect it to be
closed as a side-effect of calling krb5_auth_con_free(). I looks like the
rcache pointer in the auth context may have to continue working this way,
unless there is some way of denoting that the rcache was explicitly set by
a call to krb5_auth_con_setrcache(), or setup by a libkrb5.a routine.
Maybe krb5_recvauth() should require an rcache be set up and passed to it,
or it should close any rcache it creates/recovers before returning.
Thanks Ted,
Ed
+-------------------------------------------------------------------------+
| Ed Phillips <flaregun@udel.edu> University of Delaware (302) 831-6082 |
| Jr Systems Programmer, Network and Systems Services, Info. Technologies |
| Public key footprint: 1C D4 AC C2 A3 D5 97 AA DB 3B D8 85 88 E7 40 B8 |
| Finger flaregun@udel.edu for PGP public key |
+-------------------------------------------------------------------------+
