It does look like the solution I need. I really appreciate the quick response.
I will pull this commit and see if it solves my issue. Thank you so much Greg. Thank You, Rahul. On Fri, May 12, 2017 at 7:40 PM, Greg Hudson <ghud...@mit.edu> wrote: > On 05/12/2017 03:49 PM, Rahul G wrote: > > I observed that when a user from a sub sub domain (three levels down from > > top) makes a request, *init_sec_context *function* (which eventually > calls > > get_creds.c)* > > stores the TGT of the sub sub domain in the ccache. > > Problem is, when a another user from the same domain makes a request, it > > stores the same TGT again and > > the cache now has 2 copies of the same TGT, and this continues for every > > user thereby increasing the memory used by the process. > > This sounds like a variant of > http://krbdev.mit.edu/rt/Ticket/Display.html?id=8579 where the KDC > response is an alternate TGT. We recently committed a change to master > to fix that problem: > > https://github.com/krb5/krb5/commit/1dc619624421002b1e64d3b8c7e270 > 508381b3e6 > > Unfortunately we don't put out KfW releases very often, but if you're > prepared to rebuild KfW from source code you could apply that patch. > _______________________________________________ kfwdev mailing list kfwdev@mit.edu http://mailman.mit.edu/mailman/listinfo/kfwdev