Hide Forgot
We run an NFS4 server cluster that uses HA and virtual IP addresses. Because of this, we run the NFS4 rpc.svcgssd process with the '-n' flag, which causes rpc.svcgssd to defer credential creation for a context until the context is needed. When run this way, it exposes a kerberos bug that leaks rcache opens in gss_accept_context by opening a new file handle for each client context created. Eventually, rpc.svcgssd runs up agains ulimit and must be restarted. Here is some discussion of the problem: http://marc.info/?t=131068390400045&r=1&w=2 The fix should be included in 1.9.2: http://src.mit.edu/fisheye/changelog/krb5?cs=24917 We are running into this bug in krb5-workstation-1.9-22.el6_2.1.x86_64.
Patch merged for krb5-1.9-25.el6 and later.
*** Bug 812014 has been marked as a duplicate of this bug. ***
Is the patched version available for RHEL 6.2?
(In reply to comment #6) > Is the patched version available for RHEL 6.2? No, but if your use-case has an urgent enough business justification, you can: 1. contact Red Hat Global Support Services (https://access.redhat.com/support/cases/new) 2. provide them the data they need to verify that you hit this bug 3. describe the urgency and business justification 4. request an errata for RHEL-6.2 Currently, this bug is scheduled to be fixed with RHEL-6.3.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0921.html