Bug ID 433839: Kerberos high CPU usage

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF2, 11.4.0 HF6

Opened: Oct 14, 2013
Severity: 3-Major
Related AskF5 Article:
K15703

Symptoms

The access policy daemon (apd) shows high CPU usage and does not release it, in some rare conditions.

Impact

The impact is that the apd process might use 100% of the CPU and stop responding for incoming requests.

Conditions

In rare cases, if the apd connection to the Kerberos key distribution center (KDC) was shutdown immediately after it was established, the Kerberos library might wait for the length of the initial message indefinitely, which causes one of apd threads to loop infinitely.

Workaround

To work around this issue, restart the apd process.

Fix Information

Now, if the peer is shut down, Kerberos immediately terminates the connection.

Behavior Change