Jeffrey Hutzelman <[EMAIL PROTECTED]> wrote: > No; it gets allocated by AFS as part of the setpag operation. Of course, the > setpag may be being called by a PAM module, but that should be fairly > irrelevant. > > Without having looked at this in much detail, I'll hazard a guess as to what's > going on. I'll bet the PAG (and thus the key) are created while sshd is still > UID 0, and thus are being charged against UID 0's quota.
That'd be my bet too. I suspect that the PAM module (if that's what it is) that issued setpag occurs before the pam_keyinit PAM module also. > If this is the case, I would suggest not applying keyring quotas to UID 0; > if root wants to exhaust all the resources the machine has to offer, so be > it. That's not a good solution. The afs_pag gets attached to the root user's default session keyring, displacing any afs_pag that was previously there. What does the setpag code look like? David _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
