[OpenAFS-devel] linux keyrings, PAGs and KEY_ALLOC_IN_QUOTA

Rainer Toebbicke rtb@pclella.cern.ch
Wed, 17 Mar 2010 09:35:12 +0100


Jason Edgecombe wrote:

> 
> What is the scope of the limit? Would that limit me to 50 concurrent ssh 
> sessions? Would things go south after I connect and disconnect 51 times?
> 

On RHEL5 every sshd session holds at least one PAG for root, so yes, as soon as 
there are 50 users logged in, strange things happen. ssh sessions as root would 
start to "share" tokens, I suppose. Also, there must be a reason why PAM does a 
setpag as root and another one as user: that corner case wouldn't be covered. 
Given that even with the fix checking return codes programs would have to 
start checking setpag()'s return code... and then what?

To me all that sounds like while a limit for vanilla_user is reasonable, one 
for root just brings more hassle than relief.


> Thanks,
> Jason


-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rainer Toebbicke
European Laboratory for Particle Physics(CERN) - Geneva, Switzerland
Phone: +41 22 767 8985       Fax: +41 22 767 7155
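
Added example, not part of the original message or of OpenAFS: one way an administrator could watch for the condition discussed above is to read the kernel's per-UID key accounting in /proc/key-users and flag UIDs that are close to their key-count quota. The sample lines are constructed, the `headroom` threshold is an assumption, and it is assumed that PAG keyrings allocated with KEY_ALLOC_IN_QUOTA are counted in the quota column.

```python
import re

# Constructed sample in the /proc/key-users layout:
#   uid: usage nkeys/nikeys qnkeys/maxkeys qnbytes/maxbytes
SAMPLE = """\
    0:    58 57/57 49/50 980/10000
  500:     4 3/3 3/50 61/10000
 1001:     2 1/1 1/50 20/10000
"""

LINE = re.compile(
    r"^\s*(\d+):\s+(\d+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s*$"
)
FIELDS = ("uid", "usage", "nkeys", "nikeys",
          "qnkeys", "maxkeys", "qnbytes", "maxbytes")


def parse_key_users(text):
    """Parse /proc/key-users text into a list of dicts, skipping bad lines."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append(dict(zip(FIELDS, map(int, m.groups()))))
    return rows


def near_quota(rows, headroom=5):
    """Return [(uid, free_keys)] for UIDs with <= headroom quota'd keys left."""
    flagged = [(r["uid"], r["maxkeys"] - r["qnkeys"])
               for r in rows
               if r["maxkeys"] - r["qnkeys"] <= headroom]
    return sorted(flagged, key=lambda item: item[1])


def load(path="/proc/key-users"):
    """Read the live file if present, otherwise use the constructed sample."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return SAMPLE


if __name__ == "__main__":
    for uid, free in near_quota(parse_key_users(load())):
        print(f"uid {uid}: only {free} quota'd keys left")
```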