On 01/18/2013 12:37 PM, Jonathan Reams wrote: > Earlier this week we had a problem where kadmind exceeded its file > descriptor ulimit with roughly a thousand open file descriptors for > /var/tmp/kadmin_0.
That's a replay cache. By my understanding of the code, kadmind should create 16-24 handles to the replay cache at startup (that number could be reduced to 2-3 pretty easily), and then the number shouldn't grow after that. The handles are created eight at a time by calls to gss_acquire_cred() from svcauth_gssapi_set_names(). Obviously that's not what you're seeing in your environment, but I'm not immediately sure what code paths could result in additional opens of the replay cache. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
