From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050920 Firefox/1.0.7 SUSE/1.0.7-0.1 Description of problem: When the 'validate' flag is given to pam_krb5 in the PAM configuration, pam_krb5 leaks a file descriptor. Version-Release number of selected component (if applicable): pam_krb5-2.1.8-1 How reproducible: Always Steps to Reproduce: 1. Enable validate for pam_krb5 2. Use pam_krb5 in a process that doesn't die after using PAM (like saslauthd) 3. Use lsof to verify that the file descriptor is being leaked Actual Results: One file descriptor is leaked per authentication. Expected Results: No files should be leaked. Additional info:
Created attachment 121256 [details] Fixes file descriptor leak
Note to self: the file handle is stored in the krb5_keytab structure, and the call to krb5_verify_init_creds overwrites the one we're using when it creates its own cursor.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2007-0790.html