Bug 761006 - Leaking rcache opens in gss_accept_context
Summary: Leaking rcache opens in gss_accept_context
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5
Version: 6.1
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: Zbysek MRAZ
URL:
Whiteboard:
: 812014 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-12-07 15:00 UTC by bcodding
Modified: 2018-11-28 21:25 UTC (History)
8 users (show)

Fixed In Version: krb5-1.9-25.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-20 14:26:54 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 84433 0 None None None 2018-11-27 20:28:23 UTC
Red Hat Product Errata RHBA-2012:0921 0 normal SHIPPED_LIVE krb5 bug fix and enhancement update 2012-06-19 20:46:12 UTC

Description bcodding 2011-12-07 15:00:38 UTC
We run an NFS4 server cluster that uses HA and virtual IP addresses.  Because of this, we run the NFS4 rpc.svcgssd process with the '-n' flag, which causes rpc.svcgssd to defer credential creation for a context until the context is needed.

When run this way, it exposes a kerberos bug that leaks rcache opens in gss_accept_context by opening a new file handle for each client context created.  Eventually, rpc.svcgssd runs up agains ulimit and must be restarted.

Here is some discussion of the problem:

http://marc.info/?t=131068390400045&r=1&w=2

The fix should be included in 1.9.2:

http://src.mit.edu/fisheye/changelog/krb5?cs=24917

We are running into this bug in krb5-workstation-1.9-22.el6_2.1.x86_64.

Comment 2 Nalin Dahyabhai 2012-01-30 22:46:21 UTC
Patch merged for krb5-1.9-25.el6 and later.

Comment 5 Dmitri Pal 2012-05-13 18:44:28 UTC
*** Bug 812014 has been marked as a duplicate of this bug. ***

Comment 6 Lukas Hejtmanek 2012-06-18 17:20:10 UTC
Is the patched version available for RHEL 6.2?

Comment 7 Niels de Vos 2012-06-19 08:08:10 UTC
(In reply to comment #6)
> Is the patched version available for RHEL 6.2?

No, but if your use-case has an urgent enough business justification, you can:

1. contact Red Hat Global Support Services (https://access.redhat.com/support/cases/new)
2. provide them the data they need to verify that you hit this bug
3. describe the urgency and business justification
4. request an errata for RHEL-6.2

Currently, this bug is scheduled to be fixed with RHEL-6.3.

Comment 8 errata-xmlrpc 2012-06-20 14:26:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0921.html


Note You need to log in before you can comment on or make changes to this bug.