Bug ID: 6221296 Kerberos should not use fopen to read keytab files

Bug ID	6221296
Synopsis	Kerberos should not use fopen to read keytab files
State	10-Fix Delivered (Fix available in build)
Category:Subcategory	kerberosv5_bundled:other
Keywords	256 \| fds \| kerberos \| keytab \| rtiq_reviewed
Responsible Engineer	Wyllys Ingersoll
Reported Against	5.8 , solaris_8
Duplicate Of
Introduced In	solaris_8
Commit to Fix	snv_09
Fixed In	snv_09
Release Fixed	solaris_nevada(snv_09) , solaris_10u5(s10u5_08) (Bug ID:2153162)
Related Bugs	4960267 , 6530090 , 4353836 , 6234782
Submit Date	25-January-2005
Last Update Date	16-January-2008
Description	Customer has an NSAPI "C" plugin that performs GSSAPI authentication (using Kerberos). The applicatoin itself has > 256 file descriptors open at one time (its a busy app). When GSSAPI authentication is needed, it fails whenever there are already 256 fds open because of the STREAMS limitation in 32-bit Solaris. xxxxx@xxxxx.com 2005-1-25 16:32:13 GMT
Work Around	Compiling in 64-bit mode may solve the problem, but it may not be possible because the authentication module is a plugin to a larger framework that may not support 64-bit plugins. xxxxx@xxxxx.com 2005-1-25 16:32:13 GMT Because one can never know what libraries will use stdio one way to work around this is to dup2() all fildes of interest in the application up above 255, then close() the original -- this leaves fildes < 256 available for use by libraries. It is also possible to write a LD_PRELOAD interposer that does this, and more, transparently. xxxxx@xxxxx.com 2005-1-25 17:09:45 GMT Customer has implemented an interposer library to dup the file descriptors to a higher value so that the STDIO files can still be opened. xxxxx@xxxxx.com 2005-1-27 16:13:30 GMT
Comments	N/A

OpenSolaris