Hi everyone, we have a setup with 10000+ users, using kerberos mostly for ssh authentication. This works fine for several years now, but we recently ran into a problem with pam_krb5.
We upgraded our terminal server to debian wheezy (was squeeze before), and since then sshd sometimes consumes 100% of the CPU when invoking pam_krb5. This seems to happen if some bot or something tries to log in as a user who is not found in the LDAP user database but still has a principle kicking around (this is the case for disabled users). The process polls a udp socket pointing at the kerberos master's port 88, thus generating this load. Regular, active users get their TGT from the slaves - this still works fine. Does anyone have any insights on this? Thanks, Chris ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
