Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 121551 - cyrus-sasl-2.1.21-r2 - saslauthd fd leak with pam and kerberos
Summary: cyrus-sasl-2.1.21-r2 - saslauthd fd leak with pam and kerberos
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Net-Mail Packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-04 07:36 UTC by Andrej Filipcic
Modified: 2006-02-12 02:31 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrej Filipcic 2006-02-04 07:36:17 UTC 
saslauthd (cyrus-sasl-2.1.21-r2) has a fd leak when using it with pam
and kerberos. If kdc serves v5 and v4, v4 files are deleted but
not released (closed). fd number can reach maximum and saslauthd refuses to authenticate. Each request(login) to saslauthd leaves one fd opened...

lsof -n|grep saslauthd|grep deleted
...
/tmp/tkt3202_0EoUzP (deleted)
saslauthd  9442    root   48u      REG               8,19          0   64257049 /tmp/tkt3259_SU5Bix (deleted)
saslauthd  9442    root   49u      REG               8,19          0   64257051 /tmp/tkt3259_UGODBB (deleted)
saslauthd  9442    root   50u      REG               8,19          0   64257055 /tmp/tkt3259_XC7zx9 (deleted)
...
Comment 1 Tuan Van (RETIRED) gentoo-dev 2006-02-04 10:35:02 UTC 
I believe gentoo net-mail team don't have such setup. Please report this upstream. Note there are more poeple read ML than bug. You can try both.
ML: http://asg.web.cmu.edu/cyrus/mailing-list.html
BUG: https://bugzilla.andrew.cmu.edu/

thanks.
Comment 2 Andrej Filipcic 2006-02-12 02:31:20 UTC 
This leak can be avoided using only krb5 in pam_krb5-2.2.6 from fedora. 
krb4 is anyway deprecated. This version of pam_krb5 gives afs tokens through
krb5 only, so krb4 is not needed anymore.