Return-Path: X-Original-To: krb5-send-pr-nospam1@krbdev.mit.edu Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 2220DCCC84; Thu, 12 Mar 2009 21:36:43 +0000 (UTC) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n2CLahpv014638; Thu, 12 Mar 2009 17:36:43 -0400 Received: from biscayne-one-station.mit.edu (BISCAYNE-ONE-STATION.MIT.EDU [18.7.7.80]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id n2CLafXW014634 for ; Thu, 12 Mar 2009 17:36:41 -0400 Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by biscayne-one-station.mit.edu (8.13.6/8.9.2) with ESMTP id n2CLaHjk008390; Thu, 12 Mar 2009 17:36:17 -0400 (EDT) Received: from NOME-KING.MIT.EDU (NOME-KING.MIT.EDU [18.18.1.160]) (authenticated bits=0) (User authenticated as raeburn@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id n2CLZttL008865 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Thu, 12 Mar 2009 17:36:17 -0400 (EDT) Message-ID: <852B1E7C-606D-4F1F-B3B1-CFE71336BF14@mit.edu> From: Ken Raeburn To: krb5-bugs@MIT.EDU Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Subject: pkinit thread safety MIME-Version: 1.0 (Apple Message framework v930.3) Date: Thu, 12 Mar 2009 17:36:16 -0400 References: X-Mailer: Apple Mail (2.930.3) X-Scanned-BY: MIMEDefang 2.42 X-Spam-Flag: NO X-Spam-Score: 0.00 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: us-ascii Content-Length: 1603 Begin forwarded message: > From: Mark Phalan > Date: March 12, 2009 17:13:40 EDT > To: Ken Raeburn > Cc: Nikhil Mishra , krbdev@mit.edu > Subject: Re: Is MIT kerberos thread safe ?? > X-Spam-Score: 0.00 > > > On 12 Mar 2009, at 17:43, Ken Raeburn wrote: > >> On Mar 12, 2009, at 08:55, Nikhil Mishra wrote: >>> As the subject says , Is MIT kerberos thread safe ? >>> My device is a high performance network appliance and >>> I need to analyze threadsafe-ness of MIT kerberos library. >> >> The 1.6.x releases should be thread-safe provided certain objects are >> not shared across threads for simultaneous use, primarily the >> Kerberos >> and GSSAPI context types. Various other objects, especially the >> simpler ones like krb5_data and krb5_principal, and most of the >> structures exposed in our API, can be shared as long as both uses are >> read-only. Some more complex, opaque types like krb5_ccache, and >> most >> if not all internal static data, have internal locking performed >> within the libraries, so that they can be used from multiple threads >> without corruption. >> >> Unfortunately, we don't have documentation written up on *exactly* >> what can be shared across threads and when, but "never share >> contexts, >> and share other stuff only as inputs not outputs" is a good >> guideline. >> >> And, all the above said, there could of course be bugs; if you run >> into anything, we'd like to know. > > > The PKINIT plugin is a problem if it is used in multiple threads due > to its use of OpenSSL. > > -M