Skip to content

Fix/11.0/fix ticket10723/mem overload n#7832

Merged
mksahakyan merged 3 commits into11.0from
fix/11.0/fixTicket10723/memOverload_n
Jun 29, 2025
Merged

Fix/11.0/fix ticket10723/mem overload n#7832
mksahakyan merged 3 commits into11.0from
fix/11.0/fixTicket10723/memOverload_n

Conversation

@mksahakyan
Copy link
Contributor

@mksahakyan mksahakyan commented Jun 27, 2025

No description provided.

@mksahakyan
gmplazma: excessive caching of failed login attempts leads to system …
7ae45e3 
…overload.

In the  ticket 10723 was discovered that  dCache caching a response for
    a rejected authentication attempt, based on the identity.
   (in case of chained certificates) might create 100k "cached" failed login entries in dCache.

This can  lead to overeading to an overload and triggering java garbage collectors
    running at 100 % CPU and large memory consumption.

Motivation
dCache Overload from Failed Logins via Chained Proxies.

Modification

Replace CopyOnWriteArraySet with Guava cache.

Result

FailedLogins will now be  keeping only the last specfied number of logs by  `gplazma.authz.max-cache-size= 10000` property.

Acked-by: Tigra Mkrtchyan
Target: master. 11.0, 10.2, 10.1, 10.0, 9.2
Require-book: no
Require-notes: yes
Patch: https://rb.dcache.org/r/14444/
@mksahakyan
gplazma: fix static field for RecordFailedLogins
b6c2562 
Motivation

stic field for the KnownFailedLogins
@mksahakyan
fix broken commit 48a544c
c02dbff 
(cherry picked from commit f5f9278)
Signed-off-by: sahakya <marina.sahakyan@desy.de>
@mksahakyan mksahakyan merged commit 337595f into 11.0 Jun 29, 2025
6 checks passed
@mksahakyan mksahakyan deleted the fix/11.0/fixTicket10723/memOverload_n branch June 29, 2025 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mksahakyan