Memory Leak problems with krb5_get_init_creds_password?

Donn Cave donn at u.washington.edu
Wed Aug 17 14:51:08 EDT 2005


In article <20050817145802.GF20989 at usc.edu>, cfb at usc.edu (Chet Burgess) 
wrote:
[ ... re memory leak caused by DNS KDC lookup ... ]
> 	The res_ninit() call and the subsequent calls for the DNS
> records are made in the krb5int_dns_init function found at
> src/lib/krb5/os. The res_ninit() call is made for every lookup. As for
> the DNS vs. config file variable, I had a proper krb5.conf file that
> listed the REALM and the KDCs, untill I added "dns_fallback = false"
> to the config file it would always try DNS then look at the config
> file.

That's weird, but there are some potential surprises.  For an
example I ran into myself, if your initial request fails, it
will be retried to the configured "master_kdc".  Of course if that
isn't in krb5.conf it will go to DNS ("_kerberos-master._udp".)

"master_kdc" is fairly recent and likely not configured at a
lot of sites where the krb5.conf goes back a ways (or maybe
where there is no master KDC, though such sites may as well
configure a value anyway.)

   Donn Cave, donn at u.washington.edu


More information about the Kerberos mailing list