On Feb 20, 2008, at 13:57, Russ Allbery wrote:
> An interesting question came up on one of the OpenLDAP lists.

It was brought up on one of the Kerberos lists not too long ago, too.

> Provided that a GSSAPI authentication is done entirely within a single
> thread, is it safe to do subsequent reads and writes to that connection
> through the GSSAPI layer in different threads? Or does that violate the
> underlying requirements of the MIT Kerberos libraries? (It apparently
> works fine in practice with Heimdal.)

We currently assume that a security context is used in only one thread at a time, so you could switch between threads, just not use it simultaneously in multiple threads.

But the person looking into it earlier concluded that there may not be anything besides the sequence number that's actually subject to race conditions there (and that window's probably small enough that it might "work fine in practice" much of the time, but no promises), so we could look into extending the concurrency for this case, and just do some internal locking around the sequence number accesses.

--
Ken Raeburn, Senior Programmer
MIT Kerberos Consortium

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
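
The one-thread-at-a-time rule from the reply above, as an added example that is not part of the original message and is not MIT Kerberos or Heimdal code. `ToyContext` is a constructed model that assumes the send sequence number is updated with an unsynchronized load and store; `SerializedSender`, `peer_accepts` and the other names are hypothetical, and the peer is assumed to check tokens strictly in sequence.

```python
import threading

class ToyContext:
    """Constructed stand-in for an established context: models only the
    per-message send sequence number, as an unsynchronized load then store."""
    def __init__(self):
        self.send_seq = 0

    def load_seq(self):
        return self.send_seq

    def emit(self, seq, payload):
        self.send_seq = seq + 1          # store the incremented counter
        return (seq, payload)            # "token" = (sequence number, data)

def interleaved_race():
    """Replay by hand the window where two callers load before either stores."""
    ctx = ToyContext()
    a = ctx.load_seq()
    b = ctx.load_seq()
    return [ctx.emit(a, b"from-A"), ctx.emit(b, b"from-B")]

class SerializedSender:
    """One thread at a time per context. The lock also covers the write, so
    tokens reach the connection in the order their numbers were assigned."""
    def __init__(self):
        self._ctx = ToyContext()
        self._lock = threading.Lock()
        self.wire = []                   # stands in for the shared connection

    def send(self, payload):
        with self._lock:
            token = self._ctx.emit(self._ctx.load_seq(), payload)
            self.wire.append(token)

def peer_accepts(tokens):
    """Strict in-order check, as a peer doing sequence detection would apply."""
    return [seq for seq, _ in tokens] == list(range(len(tokens)))

def send_from_threads(n_threads=8, per_thread=500):
    sender = SerializedSender()
    def worker(tid):
        for i in range(per_thread):
            sender.send(f"t{tid}-m{i}".encode())
    threads = [threading.Thread(target=worker, args=(t,)) for t in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sender.wire
```

In the replayed race both tokens carry sequence number 0, so the in-order peer rejects the stream; with every thread going through `SerializedSender.send`, the numbers on the wire are contiguous and in order.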