Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) Subject: Interleaved init_creds operations use same per-request preauth context X-RT-Original-Encoding: iso-8859-1 Content-Length: 723 In preauth2.c, krb5_preauth_context_st mixes context-global preauth data with per-request data. The "tried" field of krb5_preauth_context_st and the "req" field of clpreauth_handle are per-request, while the "vt" and "data" fields of clpreauth_handle are context-global. Alll of this information is managed out of krb5_context, not krb5_init_creds_context. So if a caller interleaves krb5_init_creds_init/krb5_init_creds_step for different krb5_init_creds_context objects with the same krb5_context object, both operations will use the same per-request preauth data, likely causing one or both operations to fail. The per-request information should be separated out and managed out of krb5_init_creds_context.