Saslauthd constantly increasing memory use, solved by enablingcaching. Why?
wright at mnstarfire.com
wright at mnstarfire.com
Tue Nov 1 12:24:12 EDT 2011
I was noticing a memory leak on our server and this discussion makes me
wonder if this is the culprit.
When you say ""decided to enable SASLAUTHD caching with the -c flag"
can you clarify exactly where you did this?
Thank you,
- John
On Tue, 1 Nov 2011 11:19:23 -0500, "ktm at rice.edu" wrote:
On Tue, Nov 01, 2011 at 12:14:28PM -0400, Mark London wrote:
> > ktm at rice.edu wrote:
> > >On Tue, Nov 01, 2011 at 11:57:57AM -0400, Mark London wrote:
> > >>Hi - On RHEL 6, with the latest updates, I have SASLAUTHD configured
> > >>to use PAM authentication. I'm also running SSSD. U sing this
> > >>configuration, the SASLAUTHD processes would gradually increase
> > >>memory usage. After running for several days, each process was
> > >>using up about 680M. Are there any known memory leaks when using
> > >>PAM? I've found posts on the web from people complaining about PAM
> > >>memory leaks, but am not sure they still exists. In any event, I'm
> > >>also experiencing that about once a week, SASLAUTHD starts recording
> > >>time out errors when trying to contact SSSD, i.e.
> > >>"pam_sss(imap:auth): Request to sssd failed. Timer expired." I
> > >>decided to enable SASLAUTHD caching with the -c flag, and was
> > >>surprised to discover that the SASLAUTHD processes no longer use up
> > >>significant memory (i.e. they are now using < 10M)! Can anyone
> > >>explain this behavior? Thanks. - Mark
> > >Each trip through the PAM stack loses some memory. When you turn on
> > >caching, you make a single trip for each authentication via SASL
> > >and then it uses the cached copy from then on. This bounds your
> > >memory use to N x num-users. Without caching, the growth as you
> > >found is unbounded.
> > > Thanks for the info! But without caching, does the Mailman related
> > memory use, eventually get freed up?
>
> Do not quote me, but there is a problem with the SASL spec and the
> needs of the PAM stack that cause the leak and the only way to free the
> space is to restart saslauthd.
>
> > > Also, are there any bad side effects from turning on caching? If
> > not, why isn't it the default?
> > > - Mark
>
> When you have auth = authz, then it is more work to lock an account
> because the old cached credentials continue to work until they are
> removed.
>
> Ken
>
>
More information about the Cyrus-sasl
mailing list