Affects Version/s: 2.0.0-M24
Fix Version/s: 2.0.0.AM25
ApacheDS uses a KerberosProtocolHandler as the handler of the
IoAcceptor in KdcServer.java:
When a TCP connection is about to be closed, KerberosProtocolHandler$inputClosed(IoSession session) is invoked when
is reached in AbstractPollingIoProcessor.java. But KerberosProtocolHandler$inputClosed(IoSession session) does nothing:
which leaves the session unclosed, which in turn prevents its SocketChannel from being deregistered from the selector in NioProcessor. As a result,
in AbstractPollingIoProcessor.Processor.run() keeps returning a readable channel, on which read() returns -1. This infinite loop consumes all available CPU.
By constrast, LdapServer sets a LdapProtocolHandler to its acceptor, and LdapProtocolHandler inherits inputClosed(IoSession session) from IoHandlerAdapter:
which closes properly the session.
How to reproduce:
Simply run kinit with TCP (by setting udp_preference_limit = 1 in /etc/krb5.conf), and ApacheDS will be running at 100% CPU. Doing it again will consume more CPU resources depending on core number.