[OpenAFS-devel] linux keyrings, PAGs and KEY_ALLOC_IN_QUOTA

Russ Allbery rra@stanford.edu
Tue, 16 Mar 2010 09:54:38 -0700


Rainer Toebbicke <rtb@pclella.cern.ch> writes:

> Under RHEL5 the keyring quota is 100, hard-coded as far as I can see,
> and already 50 sshd sessions fill it up (with the standard red-hat
> pam_krb5, sshd/pam seems to setpag() as root, each counting as two
> entries, even though the user seems to run in yet another pag).

With the kernel in Debian lenny at least you can increase the quota via
sysctl (kernel.keys.maxkeys and kernel.keys.root_maxkeys).  We do that
globally on all of our systems.  I'm not sure if RHEL5 is too old to have
a similar tuning parameter.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
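
Added example, not part of the original message: a small check for how close each UID is to the key quota discussed above, so exhaustion by many sshd sessions shows up before logins start failing. It reads the `/proc/key-users` format documented in keyrings(7); the sample rows and the 80% threshold are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Report UIDs whose quota-charged key count is near the per-user key quota.
# Input format is /proc/key-users (see keyrings(7)):
#   <uid>: <usage> <nkeys>/<nikeys> <qnkeys>/<maxkeys> <qnbytes>/<maxbytes>

# Constructed sample modelled on the thread: root at 96 of 100 keys,
# an ordinary user well below its limit.
sample_key_users() {
cat <<'EOF'
    0:   101 100/100 96/100 1920/10000
 1000:     5 4/4 4/200 80/20000
EOF
}

# keyquota_report THRESHOLD_PERCENT < key-users-data
# Prints "uid qnkeys maxkeys percent" for each UID at or above the threshold.
keyquota_report() {
    awk -v thr="$1" '
    {
        uid = $1; sub(/:$/, "", uid)      # strip the trailing colon
        split($4, k, "/")                 # field 4 is qnkeys/maxkeys
        if (k[2] > 0) {
            pct = int(k[1] * 100 / k[2])
            if (pct >= thr) print uid, k[1], k[2], pct
        }
    }'
}

# Show the sysctls named in the message, if the running kernel exposes them.
show_limits() {
    for f in /proc/sys/kernel/keys/maxkeys /proc/sys/kernel/keys/root_maxkeys; do
        if [ -r "$f" ]; then echo "$f = $(cat "$f")"; else echo "$f not present"; fi
    done
}

# Use live data when available, otherwise the constructed sample.
if [ -r /proc/key-users ]; then
    keyquota_report 80 < /proc/key-users
else
    sample_key_users | keyquota_report 80
fi
show_limits
```

If `show_limits` reports the files as not present, the kernel has no tunable and the quota is fixed at build time.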