[37971] in Kerberos
Re: fd (file descriptor) leak in replay cache
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 21 12:38:29 2017
To: Parity error <bootup32@gmail.com>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <b0c9174e-1924-16f0-3ea0-34041c0aadcd@mit.edu>
Date: Fri, 21 Apr 2017 12:38:12 -0400
MIME-Version: 1.0
In-Reply-To: <CA+rFPTNZ9kkET+23g=V57BcoA8oG5DRpbvLaDr=K=+LdFycP6w@mail.gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 04/21/2017 10:27 AM, Parity error wrote:
> It would help a lot for my debugging if you could tell me how these
> krb5_RCxxxxxx files are used. There is a rename and dup also going on.
In its current design, the replay cache needs to be periodically
expunged so that it does not grow without bound. To do this, the code
opens a temporary file named krb5_RCxxxxxx, writes the non-expired
entries to the file, then renames it over the existing rcache.
It's possible that lsof is reporting the krb5_RCxxxxxx names when the fd
is actually (after the rename) pointing to the host_1000 file.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
