[2422] in Kerberos_V5_Development
Re: Kerberos V4 Re-entrancy Question and a Solaris threaded server.
daemon@ATHENA.MIT.EDU (Jeffery D. Jacobson)
Wed Jul 9 22:22:53 1997
Date: Wed, 9 Jul 1997 19:21:58 -0700
From: jdj@busstop.jpl.nasa.gov (Jeffery D. Jacobson)
To: epeisach@MIT.EDU
Cc: krbdev@MIT.EDU, tytso@MIT.EDU, jdj@busstop.jpl.nasa.gov
In-Reply-To: <9707100123.AA06132@kangaroo.mit.edu> (message from Ezra Peisach on Wed, 09 Jul 1997 21:23:57 EDT)
Hi Esra,
Thanks for you're quick reply. The code is calling rd_req, getting
the service key from the default srvtab! krb_set_key will work for
me. I'll make that change. There is no reason to go to srvtab each
time. That'll take care of the service-key MT unsafe problem. But, I
notice int the rd_req () code:
static int swap_bytes; /* Need to swap bytes? */
static int mutual; /* Mutual authentication requested? */
static unsigned char s_kvno;/* Version number of the server's key
.
.
.
/* byte order */
swap_bytes = 0;
if ((*ptr & 1) != HOST_BYTE_ORDER)
swap_bytes++;
/* check msg type */
mutual = 0;
switch (*ptr++ & ~1)
etc, and this doesn't look safe. So, I maybe I should "mutex"
krb_rd_req, but use your set_key suggestion. In this way, rd_req will
do no I/O, so my critical section shouldn't be too bad. Unless of
course, I've missed something there, rd_req going to the kerberos
server or something which would surprise me.
Jeff Jacobson Tel:818.354.8318 Fax:818.393.6962
Jet Propulsion Laboratory Mailstop: 168-414
4800 Oak Grove Drive
Pasadena, CA 91109
