[OpenAFS-devel] linux keyrings, PAGs and KEY_ALLOC_IN_QUOTA
Simon Wilkinson
sxw@inf.ed.ac.uk
Wed, 17 Mar 2010 00:03:42 +0000
On 16 Mar 2010, at 23:36, Jason Edgecombe wrote:
>>
> "sysctl -a | grep kern | grep key" doesn't show anything on CentOS
> 5.2 or RHEL 5.4, so I would say that parameter is not available.
>
> What is the scope of the limit? Would that limit me to 50 concurrent
> ssh sessions? Would things go south after I connect and disconnect
> 51 times?
Concurrent sessions - as keyrings are garbage collected by the kernel,
you get quota back. It's also not necessarily going to be 50 of them -
it depends on the way that the PAG has been created. If you're using a
PAM module which does the setpag as the user, rather than as root,
you'll never see a problem.
But yes, the limit is a pain, and we should stop hitting it. It'll be
fixed in 1.4.13, and it's likely that those changes will get rolled
into RPMs sooner. But, as I've only just finished building 1.4.12 ...
Cheers,
Simon.