Memory Leak problems with krb5_get_init_creds_password?

Chet Burgess cfb at usc.edu
Tue Aug 16 14:26:06 EDT 2005


On Fri, Aug 12, 2005 at 05:44:21PM -0700, Chet Burgess wrote:
> All,
> 	I am having a problem with the krb5_get_init_creds_password
> API call. It looks like it is causing a memory leak, or perhaps I am
> not freeing things properly. I am trying to write a pretty simple
> plugin to an existing application to do Kerberos authentication. While
> I got everything working properly and authenticating, during a 12-hour
> stress test I noticed a 4.5GB memory leak.

	For those curious, the problem is/was the fact that the Solaris
resolver does not have a call to free the memory allocated by
res_ninit(). Since the Kerberos code calls this to search DNS for TXT
and SRV records in an attempt to find the REALM for a server and the
KDC(s) for a REALM, it needs to use the resolver, and this was causing
the leak. The workaround I found is placing the REALM and KDC(s)
in the krb5.conf file and also adding "dns_fallback = false" to the
[libdefaults] section. The "dns_fallback" option tells the libraries
to use only the config file and to never try DNS when trying to find a
REALM and KDC(s). It is important to note that even if you have the
REALM and KDC(s) listed in the file properly, the library will still
try DNS first, so you MUST add "dns_fallback = false" to turn off the
resolver calls.

-- 
Chet Burgess

Manager, Enterprise Collaboration Services
Information Services Division
University of Southern California
cfb at usc.edu
213-740-5160
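
The workaround in the message above depends on two things being present in krb5.conf at the same time: "dns_fallback = false" in [libdefaults] and explicit KDC entries for the realm. The following is an added example, not part of the original post or of the Kerberos code, that checks a krb5.conf for both. The realm and host names are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample krb5.conf; realm and host names are placeholders.
SAMPLE_OK = """\
[libdefaults]
    default_realm = EXAMPLE.EDU
    dns_fallback = false

[realms]
    EXAMPLE.EDU = {
        kdc = kdc1.example.edu
    }
"""

def parse_krb5_conf(text):
    """Parse a simple krb5.conf into {section: {key: [values] or nested dict}}."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            stack = [conf.setdefault(m.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def check_static_kdc_config(text):
    """List the ways this file still leaves realm/KDC discovery to DNS."""
    conf = parse_krb5_conf(text)
    lib = conf.get("libdefaults", {})
    problems = []
    if lib.get("dns_fallback", [""])[0].lower() not in ("false", "no", "off", "0"):
        problems.append("dns_fallback is not set to false in [libdefaults]")
    realm = lib.get("default_realm", [None])[0]
    entry = conf.get("realms", {}).get(realm)
    if realm is None:
        problems.append("no default_realm in [libdefaults]")
    elif not (isinstance(entry, dict) and entry.get("kdc")):
        problems.append("no kdc entries for %s in [realms]" % realm)
    return problems
```

Calling check_static_kdc_config() on the contents of a deployed krb5.conf returns an empty list when both conditions from the message are met.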

