Relation between krb5_creds and krb5_context

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Relation between krb5_creds and krb5_context

Philipp Gesang
Hi,

what is the significance of the krb5_context that
krb5_free_creds() takes as its first argument? As far as I can
see none of the functions down the call graph do anything with it
nor is the context stored in krb5_creds and its members.
Nevertheless, the API expects non-const pointer to be passed.

My reflex is to simply pass NULL instead of the context. I am
wondering though how future-proof this will be. Are credentials
somehow tied to the context they were obtained with?

FWIW the question came up in the context (n. p. i.) of keeping
credentials around in memory and accessing them from threads that
each have their own krb5_context.

Thanks,
Philipp


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Relation between krb5_creds and krb5_context

Greg Hudson
On 7/16/19 10:23 AM, Philipp Gesang wrote:
> what is the significance of the krb5_context that
> krb5_free_creds() takes as its first argument?

In the beginning there was a design principle that every libkrb5 API
would take a context parameter (though there are a few exceptions).  The
context parameter for krb5_free functions is unused and is likely to
remain unused.  I have considered making a pass through the API and
documenting that the context parameter is optional for a bunch of
functions, including krb5_free functions.
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: Relation between krb5_creds and krb5_context

Philipp Gesang
Hi Greg,

-<| Quoting Greg Hudson <[hidden email]>, on Tuesday, 2019-07-16 12:26:48 PM |>-
> On 7/16/19 10:23 AM, Philipp Gesang wrote:
> > what is the significance of the krb5_context that
> > krb5_free_creds() takes as its first argument?
>
> In the beginning there was a design principle that every libkrb5 API
> would take a context parameter (though there are a few exceptions).  The
> context parameter for krb5_free functions is unused and is likely to
> remain unused.

thanks for providing the background.

>                 I have considered making a pass through the API and
> documenting that the context parameter is optional for a bunch of
> functions, including krb5_free functions.

That would be very much appreciated. For now I’ll have to do some
digging in the code to find out which of the APIs we use actually
require a context.

Best regards,
Philipp


________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos

signature.asc (849 bytes) Download Attachment