Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.507 (Entity 5.507) RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 412 So far I haven't been able to find a leak in the replay cache code, and I can't find records of how previous reports of this kind of issue were resolved. Note that each GSS acceptor credential handle (if it contains a krb5 credential) holds a replay cache handle, which holds an open file descriptor. So if the application is leaking GSS credential handles, it would manifest as an fd leak in the process.