Fletcher Cocquyt wrote:
> Hi, I am following the code now on this one - after posting to the webauth
> list a couple weeks ago we are still experiencing several hundred of these
> errors per day - we have maxed out our file descriptors hard and soft limits
> at 64k and verified with running plimit.
>
> webauthldap(SUNetID): cannot get ticket: Too many open files (24)
>
> Env: Solaris 9, apache 2.0.52, webauth 3.5.4, MIT kerberos krb5-1.4.1
>
> Our apache threads are now approaching 250-300 open files (as reported by
> lsof).
>
> I suspect the issue may be isolated to the webauth and associated kerberos
> calls related to keytab and ticket cache operations. This suspicion is
> based on:
> 1) error only occurs on mod_webauth protected URLs
> 2) error is always associated with webauthldap(SUNetID): cannot get ticket:
>    Too many open files (24) messages
>
> Hypothesis: This version of webauth & kerberos is somehow not using the 64k
> file descriptor limit, but is using a 256 file limit and throwing the error
> on the ticket operations when the apache thread has more than 256 files open.
>
> There are other threads related to the use of char vs int resulting in return
> value overflow... is there a kerberos bug in 1.4.1 version which is since
> fixed?
>
> Thanks

I'm going to hazard a guess that the problem is gssapi maintaining an open file descriptor per context for the replay cache or that you are experiencing a leak of file descriptors to the replay cache. I do not remember exactly the version that plugged the leak and fixed it by maintaining a rcache fd per gss context.

Jeffrey Altman
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos