krb5_verify_init_creds() is not thread safe. In the case where the creds provided to krb5_verify_init_creds() do not match the server, a ccache is constructed with the name "MEMORY:rd_req". This is not thread safe because all threads will use the same ccache name and will collide. This can result in either false positives or false negatives.