Bug ID 433839: Kerberos high CPU usage

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF6

Opened: Oct 14, 2013
Severity: 3-Major
Related AskF5 Article:


The access policy daemon (apd) shows high CPU usage and does not release it, in some rare conditions.


The impact is that the apd process might use 100% of the CPU and stop responding for incoming requests.


In rare cases, if the apd connection to the Kerberos key distribution center (KDC) was shutdown immediately after it was established, the Kerberos library might wait for the length of the initial message indefinitely, which causes one of apd threads to loop infinitely.


To work around this issue, restart the apd process.

Fix Information

Now, if the peer is shut down, Kerberos immediately terminates the connection.

Behavior Change