fd (file descriptor) leak in replay cache

Greg Hudson ghudson at mit.edu
Fri Apr 21 12:38:12 EDT 2017

On 04/21/2017 10:27 AM, Parity error wrote:
> It would help a lot for my debugging if you could tell me how these
> krb5_RCxxxxxx files are used. There is a rename and dup also going on.

In its current design, the replay cache needs to be periodically
expunged so that it does not grow without bound.  To do this, the code
opens a temporary file named krb5_RCxxxxxx, writes the non-expired
entries to the file, then renames it over the existing rcache.

It's possible that lsof is reporting the krb5_RCxxxxxx names when the fd
is actually (after the rename) pointing to the host_1000 file.
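
The temporary-file-then-rename sequence described in this reply can be reproduced with a short C program that checks, by device and inode number, which file the descriptor refers to after the rename. This is an added example, not part of the original message and not MIT krb5 source; the scratch directory, file contents and function names are constructed, and only the krb5_RCxxxxxx and host_1000 names come from the thread.

```c
/* Added illustration, not MIT krb5 source: where an fd points after rename(). */
#define _XOPEN_SOURCE 700                      /* mkstemp, mkdtemp */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Return 1 if fd and path name the same inode on the same device. */
static int fd_matches_path(int fd, const char *path)
{
    struct stat a, b;
    if (fstat(fd, &a) != 0 || stat(path, &b) != 0)
        return 0;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Returns 1 when, after the rename, the fd opened under the temporary name
 * is the rcache file and the temporary name no longer exists; 0 otherwise. */
int rename_keeps_fd(void)
{
    char dir[] = "/tmp/rcdemoXXXXXX";          /* constructed scratch directory */
    char rc[64], tmp[64];
    struct stat st;
    FILE *old;
    int fd, ok = 0;

    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(rc, sizeof(rc), "%s/host_1000", dir);
    snprintf(tmp, sizeof(tmp), "%s/krb5_RCXXXXXX", dir);
    old = fopen(rc, "w");                      /* stand-in for the existing rcache */
    if (old == NULL) { rmdir(dir); return 0; }
    fputs("old entries\n", old);               /* constructed contents */
    fclose(old);

    fd = mkstemp(tmp);                         /* temporary krb5_RCxxxxxx file */
    if (fd >= 0) {
        if (write(fd, "kept entry\n", 11) == 11 && rename(tmp, rc) == 0)
            ok = fd_matches_path(fd, rc) && stat(tmp, &st) != 0;
        close(fd);                             /* a missing close here would leak the fd */
        unlink(tmp);                           /* only matters if rename failed */
    }
    unlink(rc);
    rmdir(dir);
    return ok;
}

int main(void) { printf("fd follows rename: %d\n", rename_keeps_fd()); return 0; }
```

Comparing `st_dev` and `st_ino` from `fstat()` on a suspect descriptor against `stat()` on the rcache path identifies the open file independently of the name a tool displays for it.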
