[OpenAFS-devel] linux keyrings, PAGs and KEY_ALLOC_IN_QUOTA
Jason Edgecombe
jason@rampaginggeek.com
Tue, 16 Mar 2010 19:36:22 -0400
Russ Allbery wrote:
> Rainer Toebbicke <rtb@pclella.cern.ch> writes:
>
>
>> Under RHEL5 the keyring quota is 100, hard-coded as far as I can see,
>> and already 50 sshd sessions fill it up (with the standard red-hat
>> pam_krb5, sshd/pam seems to setpag() as root, each counting as two
>> entries, even though the user seems to run in yet another pag).
>>
>
> With the kernel in Debian lenny at least you can increase the quota via
> sysctl (kernel.keys.maxkeys and kernel.keys.root_maxkeys). We do that
> globally on all of our systems. I'm not sure if RHEL5 is too old to have
> a similar tuning parameter.
>
>
"sysctl -a | grep kern | grep key" doesn't show anything on CentOS 5.2
or RHEL 5.4, so I would say that parameter is not available.
What is the scope of the limit? Would that limit me to 50 concurrent ssh
sessions? Would things go south after I connect and disconnect 51 times?
Thanks,
Jason
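
The kernel tracks the key quota discussed in this thread per UID, and the counters can be read from /proc/key-users. The script below is an added example, not part of the original message: it assumes the documented line format `<uid>: <usage> <nkeys>/<nikeys> <qnkeys>/<maxkeys> <qnbytes>/<maxbytes>`, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag UIDs whose kernel key quota is nearly exhausted.

# Constructed sample in /proc/key-users format (not captured from a real host):
# root has filled a 100-key quota, UID 1001 is close to its byte quota.
sample_key_users() {
    cat <<'EOF'
    0:   104 100/100 100/100 2100/10000
  500:     3 2/2 2/100 40/10000
 1001:    12 9/9 9/100 8200/10000
EOF
}

# key_quota_report FILE [THRESHOLD_PCT]
# FILE defaults to /proc/key-users; "-" reads standard input.
# Prints one line per UID whose key-count or byte quota usage is at or above
# THRESHOLD_PCT (default 80).
# Returns 0 if no UID is over the threshold, 1 if at least one is,
# 2 if FILE cannot be read.
key_quota_report() {
    file=${1:-/proc/key-users}
    threshold=${2:-80}
    [ "$file" = "-" ] || [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -v thr="$threshold" '
        NF >= 5 && $1 ~ /^[0-9]+:$/ {
            uid = $1; sub(/:$/, "", uid)
            split($4, k, "/")            # quota keys used / max keys
            split($5, b, "/")            # quota bytes used / max bytes
            if (k[2] + 0 <= 0 || b[2] + 0 <= 0) next
            kp = int(k[1] * 100 / k[2])
            bp = int(b[1] * 100 / b[2])
            pct = (kp > bp) ? kp : bp    # report the tighter of the two quotas
            if (pct >= thr + 0) {
                printf "uid=%s keys=%s/%s bytes=%s/%s pct=%d\n", uid, k[1], k[2], b[1], b[2], pct
                hit = 1
            }
        }
        END { exit (hit ? 1 : 0) }
    ' "$file"
}

# Demo on the constructed sample; on a live system run: key_quota_report
sample_key_users | key_quota_report - 80 || true
```

Watching the `keys=` column for UID 0 while opening and closing ssh sessions shows whether entries are released on logout or accumulate toward the quota.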