Subject: krb5_verify_init_creds() is not thread safe
krb5_verify_init_creds() is not thread safe. In the case where the
creds provided to krb5_verify_init_creds() do not match the server, a
ccache is constructed with the name "MEMORY:rd_req". This is not thread
safe because all threads will use the same ccache name and will collide.
This can result in either false positives or false negatives.
Fixed by ticket #4805, which uses krb5_cc_new_unique().
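
The collision described in this ticket, as an added example that is not code from MIT krb5 or from the ticket: a toy model of a process-wide table of named in-memory caches, with two verifications interleaved deterministically. The `toy_cc_*` functions, the table layout and the principal names are assumptions made for illustration; only the name "MEMORY:rd_req" and the idea of a unique name per caller come from the ticket.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in (assumption) for a process-wide table of named memory caches. */
#define MAX_CACHES 8
struct cache { char name[32]; char principal[32]; int used; };
static struct cache table[MAX_CACHES];
static unsigned next_id;

/* Resolve by name: a caller asking for an existing name gets the SAME cache. */
static struct cache *toy_cc_resolve(const char *name) {
    struct cache *free_slot = NULL;
    for (int i = 0; i < MAX_CACHES; i++) {
        if (table[i].used && strcmp(table[i].name, name) == 0) return &table[i];
        if (!table[i].used && !free_slot) free_slot = &table[i];
    }
    if (!free_slot) return NULL;
    free_slot->used = 1;
    snprintf(free_slot->name, sizeof free_slot->name, "%s", name);
    free_slot->principal[0] = '\0';
    return free_slot;
}

/* Unique variant: every call gets a fresh name, so no two callers share. */
static struct cache *toy_cc_new_unique(void) {
    char name[32];
    snprintf(name, sizeof name, "MEMORY:u%u", next_id++);
    return toy_cc_resolve(name);
}

/* Interleaving: A opens, B opens, A stores, B stores, A reads back.
   Returns 1 if A still sees its own principal, 0 if it sees B's, -1 on error. */
int a_sees_own_creds(int unique) {
    memset(table, 0, sizeof table);
    struct cache *a = unique ? toy_cc_new_unique() : toy_cc_resolve("MEMORY:rd_req");
    struct cache *b = unique ? toy_cc_new_unique() : toy_cc_resolve("MEMORY:rd_req");
    if (!a || !b) return -1;
    strcpy(a->principal, "alice@EXAMPLE.TEST"); /* constructed sample value */
    strcpy(b->principal, "bob@EXAMPLE.TEST");   /* constructed sample value */
    return strcmp(a->principal, "alice@EXAMPLE.TEST") == 0;
}

int main(void) {
    printf("fixed name:   A sees own creds = %d\n", a_sees_own_creds(0));
    printf("unique names: A sees own creds = %d\n", a_sees_own_creds(1));
    return 0;
}
```

With the fixed name, verification A ends up checking the credentials stored by B, which is how one thread's result can leak into another's as a false positive or false negative.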