kadmind crash because of many kadmin_0 file descriptors

Greg Hudson ghudson at MIT.EDU
Fri Jan 18 13:05:16 EST 2013


On 01/18/2013 12:37 PM, Jonathan Reams wrote:
> Earlier this week we had a problem where kadmind exceeded its file
> descriptor ulimit with roughly a thousand open file descriptors for
> /var/tmp/kadmin_0.

That's a replay cache.

By my understanding of the code, kadmind should create 16-24 handles to
the replay cache at startup (that number could be reduced to 2-3 pretty
easily), and then the number shouldn't grow after that.  The handles are
created eight at a time by calls to gss_acquire_cred() from
svcauth_gssapi_set_names().

Obviously that's not what you're seeing in your environment, but I'm not
immediately sure what code paths could result in additional opens of the
replay cache.


