Subject: | krb5_verify_init_creds() is not thread safe |
krb5_verify_init_creds() is not thread safe. In the case where the
creds provided to krb5_verify_init_creds() do not match the server, a
ccache is constructed with the name "MEMORY:rd_req". This is not thread
safe because all threads will use the same ccache name and will collide.
This can result in either false positives or false negatives.
creds provided to krb5_verify_init_creds() do not match the server, a
ccache is constructed with the name "MEMORY:rd_req". This is not thread
safe because all threads will use the same ccache name and will collide.
This can result in either false positives or false negatives.