Intermittent failures of mod_krb5

Arran Cudbard-Bell a.cudbardb at freeradius.org
Sun Feb 25 16:33:30 CET 2018


> [mods-available/krb5]
> krb5 {
>         keytab = /etc/krb5.keytab
>         service_principal = 'host/ix-radius1.ad.example.net'   # different for each radius server
>         pool { ... everything as defaults ... }
> }
> 
> I wonder if there is some sort of leak and I should set "uses" or "lifetime" to limit how long each krb5 instance is used for?

Go for it.  I’m not sure that kerberos handles are actually bound to connections though i.e. destroying a handle might not actually do anything helpful if libkerberos does its own connection management.

-Arran


More information about the Freeradius-Users mailing list