I am using pam+winbind+AD to authenticate request. The linux version is RHEL 5.4 and winbind is 3.5.3. The issue I met is that after our daemon is running for a while, it cannot accept any request due to fd reach the limit. After checking the source codes of winbind, I find libwbclient.so caches privilege connection to winbindd for reuse (please refer to winbind_open_pipe_sock() in wb_common.c). However every time a process call pam API to create a new PAM session, pam_winbind.so will dynamically load libwbclient.so and then unload it after the session is done. At that time the cached privilege connection is not closed. As a result, during the process is running whenever a PAM session is created, there will be a fd leaked by libwbclient.so. So we need either provide a way to disable cache of privilege connection or implement clean-up logic when libwbclient.so is unloaded. Thanks, Yong
Created attachment 5965 [details] Patch for 3.5 Should be fixed with the attached patch. This is aa8d91ae8e6b4 from master. Volker
Comment on attachment 5965 [details] Patch for 3.5 Looks good to me.
Re-assigning for inclusion in 3.5.next. Jeremy.
Thanks for the patch. It works well. Yong
Pushed to v3-5-test. Will be included in 3.5.6. Closing out bug report. Thanks!
*** Bug 7265 has been marked as a duplicate of this bug. ***