Saslauthd constantly increasing memory use, solved by enabling caching. Why?
ktm at rice.edu
ktm at rice.edu
Tue Nov 1 12:19:23 EDT 2011
On Tue, Nov 01, 2011 at 12:14:28PM -0400, Mark London wrote:
> ktm at rice.edu wrote:
> >On Tue, Nov 01, 2011 at 11:57:57AM -0400, Mark London wrote:
> >>Hi - On RHEL 6, with the latest updates, I have SASLAUTHD configured
> >>to use PAM authentication. I'm also running SSSD. U sing this
> >>configuration, the SASLAUTHD processes would gradually increase
> >>memory usage. After running for several days, each process was
> >>using up about 680M. Are there any known memory leaks when using
> >>PAM? I've found posts on the web from people complaining about PAM
> >>memory leaks, but am not sure they still exists. In any event, I'm
> >>also experiencing that about once a week, SASLAUTHD starts recording
> >>time out errors when trying to contact SSSD, i.e.
> >>"pam_sss(imap:auth): Request to sssd failed. Timer expired." I
> >>decided to enable SASLAUTHD caching with the -c flag, and was
> >>surprised to discover that the SASLAUTHD processes no longer use up
> >>significant memory (i.e. they are now using < 10M)! Can anyone
> >>explain this behavior? Thanks. - Mark
> >Each trip through the PAM stack loses some memory. When you turn on
> >caching, you make a single trip for each authentication via SASL
> >and then it uses the cached copy from then on. This bounds your
> >memory use to N x num-users. Without caching, the growth as you
> >found is unbounded.
>
> Thanks for the info! But without caching, does the Mailman related
> memory use, eventually get freed up?
Do not quote me, but there is a problem with the SASL spec and the
needs of the PAM stack that cause the leak and the only way to free the
space is to restart saslauthd.
>
> Also, are there any bad side effects from turning on caching? If
> not, why isn't it the default?
>
> - Mark
When you have auth = authz, then it is more work to lock an account
because the old cached credentials continue to work until they are
removed.
Ken
More information about the Cyrus-sasl
mailing list