On 4/4/07, Miles Davis <[EMAIL PROTECTED]> wrote:
On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote: > On 4/4/07, Miles Davis <[EMAIL PROTECTED]> wrote: > > > >OK, I've learned a bit about the kernel key management, and part of my > >problem is they key quota. Anybody know offhand how to modify that? > >I've been looking for the past hour or so and still can't find > >anything... > > AFAIK, the only way I know of is to modify the kernel source. See > KEYQUOTA_MAX_KEYS and KEYQUOTA_MAX_BYTES in security/keys/internal.h.Ah, there it is...bugger. OK, maybe I need to look at a more fundamental problem: why is uid 0 using so many keys to begin with? Let me step back too, in case I'm on the wrong path. My symptom is that tokens are disappearing out from under users after a few minutes in a session. They're not expiring. Running "keyctl show" after ssh login shows that my keying is uid 0, but I don't know why. Session Keyring -3 --alswrv 0 0 keyring: _uid_ses.0 2 --alswrv 0 0 \_ keyring: _uid.0 29391168 ----s--v 0 0 \_ afs_pag: _pag Something does show up under my uid in /proc/key-users: 9766: 2 2/2 2/100 60/10000
This may or may not be related to the problem you are seeing, but keys have an expiration that is separate from token expiration. Perhaps something to look at. K.C. _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
