[krbdev.mit.edu #3089] krb5_verify_init_creds() is not thread safe

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #3089] krb5_verify_init_creds() is not thread safe

Greg Hudson via RT
krb5_verify_init_creds() is not thread safe.  In the case where the
creds provided to krb5_verify_init_creds() do not match the server, a
ccache is constructed with the name "MEMORY:rd_req". This is not thread
safe because all threads will use the same ccache name and will collide.
This can result in either false positives or false negatives.
_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs