[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Intermittent failures of mod_krb5
From:       Arran Cudbard-Bell <a.cudbardb () freeradius ! org>
Date:       2018-02-25 15:33:30
Message-ID: E9121ACA-E32D-4E7E-9E03-EEB14B546D90 () freeradius ! org
[Download RAW message or body]


> [mods-available/krb5]
> krb5 {
> keytab = /etc/krb5.keytab
> service_principal = 'host/ix-radius1.ad.example.net'   # different for each radius \
> server pool { ... everything as defaults ... }
> }
> 
> I wonder if there is some sort of leak and I should set "uses" or "lifetime" to \
> limit how long each krb5 instance is used for?

Go for it.  I'm not sure that kerberos handles are actually bound to connections \
though i.e. destroying a handle might not actually do anything helpful if libkerberos \
does its own connection management.

-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]