
Question: Is RequestServiceTicket.CanCacheTickets condition too restrictive? #383

@sqladmin-zz

In PR #249 the CanCacheTickets property was introduced in order to fix issue #248.

        public bool CanCacheTicket => this.CacheTicket ?? true &&
                                      string.IsNullOrWhiteSpace(this.S4uTarget) && // is this line needed ?
                                      this.S4uTicket == null &&
                                      this.S4uTargetCertificate == null;

But when we pass the string s4u to GetServiceTicket, it looks like tickets can be cached, because s4u goes to the Container string parameter in TicketCacheEntry and allows the record in the cache to be identified correctly.

It will not break the test case described in #248.

In our case we are calling an HTTP service from a backend service on behalf of the user in many parallel threads: every call to GetServiceTicket(..., s4u: username) goes to the KDC (because the ticket for the user is not cached) and we are running out of SocketPool in case of many threads (even if TcpKerberosTransport.MaxPoolSize is increased).

We have workarounds for this: locking the call to GetServiceTicket or using SemaphoreSlim(TcpKerberosTransport.MaxPoolSize,TcpKerberosTransport.MaxPoolSize) before it ... but it looks too rude.
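
The SemaphoreSlim workaround mentioned above can be combined with request coalescing, so that parallel callers asking for the same (SPN, impersonated user) pair share one KDC round-trip. This is an added example, not code from the original post or from the project: `S4uTicketGate`, `TTicket` and the `fetch` delegate are hypothetical names, `fetch` stands in for the caller's own `GetServiceTicket(..., s4u: username)` call, and .NET 5 or later is assumed. It holds only in-flight requests and does not cache completed tickets.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper (added example). TTicket is whatever the caller's
// ticket request returns; fetch(spn, s4uUser) wraps that request.
public sealed class S4uTicketGate<TTicket> : IDisposable
{
    private readonly SemaphoreSlim gate;
    private readonly Func<string, string, Task<TTicket>> fetch;
    private readonly ConcurrentDictionary<(string Spn, string User), Lazy<Task<TTicket>>> inFlight
        = new ConcurrentDictionary<(string Spn, string User), Lazy<Task<TTicket>>>();

    public S4uTicketGate(int maxConcurrent, Func<string, string, Task<TTicket>> fetch)
    {
        // maxConcurrent would normally match the transport's pool size.
        this.gate = new SemaphoreSlim(maxConcurrent, maxConcurrent);
        this.fetch = fetch ?? throw new ArgumentNullException(nameof(fetch));
    }

    public async Task<TTicket> GetAsync(string spn, string s4uUser)
    {
        // The key includes the impersonated user, so a request made on
        // behalf of one user is never answered with another user's ticket.
        (string Spn, string User) key = (spn, s4uUser);
        var lazy = this.inFlight.GetOrAdd(
            key, k => new Lazy<Task<TTicket>>(() => this.FetchThrottled(k.Spn, k.User)));
        try
        {
            return await lazy.Value.ConfigureAwait(false);
        }
        finally
        {
            // Remove only this exact entry (overload added in .NET 5), so
            // failures are not remembered and a newer request is untouched.
            this.inFlight.TryRemove(KeyValuePair.Create(key, lazy));
        }
    }

    private async Task<TTicket> FetchThrottled(string spn, string user)
    {
        // At most maxConcurrent requests reach the KDC at the same time.
        await this.gate.WaitAsync().ConfigureAwait(false);
        try { return await this.fetch(spn, user).ConfigureAwait(false); }
        finally { this.gate.Release(); }
    }

    public void Dispose() => this.gate.Dispose();
}
```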
