init_sec_context() stores a sub, sub domain tgt without deleting existing one causing Memory Leak - (KRB5_GC_NO_STORE).

Rahul G rahulrasm at gmail.com
Fri May 12 15:49:10 EDT 2017


Hello,

I observed that when a user from a sub sub domain (three levels down from
top) makes a request, the *init_sec_context* function (which eventually calls
get_creds.c)
stores the TGT of the sub sub domain in the ccache.
The problem is, when another user from the same domain makes a request, it
stores the same TGT again and
the cache now has 2 copies of the same TGT, and this continues for every
user, thereby increasing the memory used by the process.

Setting the *KRB5_GC_NO_STORE* flag solves the issue, or I think I can
also call the *krb5_cc_remove_cred* function to delete the TGTs,
but I was wondering if there is any better solution. I would also like to
know if this behavior is intended or a known issue.

Thank You,
Rahul.

