[Bug 1179820] New: Kerberos KDC connection limit too low

Greg Hudson ghudson at mit.edu
Wed Jan 21 11:34:52 EST 2015

On 01/21/2015 09:54 AM, Roland Mainz wrote:
> 1. ignore the fd ulimit issue and just bump the limit to something like 128
> 2. make default dynamic, based on the $(ulimit -n) value, but use |MIN(default, 45)|
> 3. make the default static but issue a warning when we're below a certain fd limit
> 4. set the ulimit for max. open files ourselves to 1024 when we're below that limit and issue a warning when the syscall fails
> 5. <... insert more options here...>

I think the best choice is to leave the hardcoded limit at 45 and add a
profile variable to change it.

We could choose a default based on getrlimit(RLIMIT_NOFILE) and an
imprecise estimate of fd usage by the rest of the KDC, bounded by some
maximum, but I think that's too complicated.

More information about the krbdev mailing list