[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_crypt module will change the world



I forgot to mention this: on Solaris 2.6 dtsession is multi-threaded
(@!$%^&*#@). The function where dtsession segfaults when using PAM_KRB5
is initstate() (part of the random() API); initstate() is not
thread-safe, so says the manual.

Cheers,

Nico


On Tue, Apr 17, 2001 at 05:44:37PM -0400, Nicolas Williams wrote:
> > As for PAM modules that aren't thread-safe, can you point to specific cases?
> 
> PAM_KRB5.
> 
> Because MIT krb5 is NOT thread safe. It's designed to be, but there are
> thread-safety issues in a number of places, including the ccache code,
> the rcache code, some of the OS-specific code (reentrant resolver calls
> are not used).
> 
> I've seen this cause dtsession, on Solaris 2.6 with the latest dtsession
> patch crash. The crash was in initstate(), called by random() called by
> the resolver, called by MIT krb5. I'm working around this.
> 
> > Steve Langasek
> > postmodern programmer
> 
--





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []