[krbdev.mit.edu #8776] Replay Cache FD Leak

Thu Jan 24 14:00:49 EST 2019

Hello,

We use krb5 lib v1.10.3 in our product. Recently, one of our customers ran into a replay cache file descriptor leak issue in that there were many opened but deleted replay cache temp files staying around for days. For instance,

--------
Jan  7 13:44:28   fd 1220 (/shared/tmp/krb5_RCB8Wi7X (deleted)) : cloexec,  Fflags[0x8002], read-write
â€¦
Jan 11 09:25:40  fd 1220 (/shared/tmp/krb5_RCB8Wi7X (deleted)) : cloexec,  Fflags[0x8002], read-write
--------
Jan  8 15:33:17  fd 1529 (/shared/tmp/krb5_RCGIGQ1X (deleted)) : cloexec,  Fflags[0x8002], read-write
â€¦
Jan 11 09:25:40  fd 1529 (/shared/tmp/krb5_RCGIGQ1X (deleted)) : cloexec,  Fflags[0x8002], read-write
--------
Jan  9 12:05:14  fd 355 (/shared/tmp/krb5_RCG6JmM9 (deleted)) : cloexec,  Fflags[0x8002], read-write
â€¦
Jan 11 09:25:40  fd 355 (/shared/tmp/krb5_RCG6JmM9 (deleted)) : cloexec,  Fflags[0x8002], read-write

Someone encountered the same issue with v1.10.3 and upgrading to v1.14.5 did not help (https://groups.google.com/forum/#!searchin/comp.protocols.kerberos/leak%7Csort:date/comp.protocols.kerberos/pN4QCVcEMWc/xYMDKrLuBgAJ).

We were wondering if there is a solution to or a workaround for this issue.

TIA,
Daniel