From our user in the abovementioned bug report in Debian: The pam_winbind module leaks file descriptors. wb_common.c keeps its file descriptor in the winbindd_fd global variable and closes that through the winbind_close_sock function, but there's no provision for making sure that winbind_close_sock is called when pam_winbind is closed via dlclose. A symptom of this is that Apache, if set up to use its auth_pam module, is eventually unable to authenticate new users. The attached patch instructs gcc to treat winbind_close_sock as a destructor. This is the simplest fix but maybe not the best; from looking at the docs, specifying a cleanup function to pam_set_data (and doing something else for nss_winbind?) may be more correct. diff -r samba-3.4.7.orig/nsswitch/winbind_client.h samba-3.4.7/nsswitch/winbind_client.h 28c28 < void winbind_close_sock(void); --- > void winbind_close_sock(void) __attribute__((destructor));
From a discussion on IRC, this bug is a duplicate of #7684 (rather saif that 7684 is a duplicate of this one..:-)) *** This bug has been marked as a duplicate of bug 7684 ***