Apparmor complaints about sssd_pac_plugin.so in dmesg
Bug #1702801 reported by
kolya
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I have slapd running and use krb authentication.
Every time someone authenticates on a box connected to slapd/krb I get a few lines like this in server logs:
audit: type=1400 audit(149939010
To post a comment you must log in.
This still occurs with with ubuntu 19.04.
This also may be a potential resource leak/security problem. It looks like each authentication creates a new entry in processe's maps file that looks like this:
/usr/lib/ x86_64- linux-gnu/ krb5/plugins/ authdata/ sssd_pac_ plugin. so
After running for some time slapd processes gets many of those:
cat /proc/877/maps | grep sssd_pac_plugin.so | wc -l
3381
I guess at some point it will run out of resources and crash.