[OpenAFS-devel] linux keyrings, PAGs and KEY_ALLOC_IN_QUOTA

Russ Allbery rra@stanford.edu
Wed, 17 Mar 2010 01:39:17 -0700


Rainer Toebbicke <rtb@pclella.cern.ch> writes:

> On RHEL5 every sshd session holds at least one pag for root, so yes, as
> soon as there are 50 users logged in, strange things happen. ssh sessions
> as root would start to "share" tokens, I suppose. Also, there must be a
> reason why pam does a setpag as root and another one as user: that corner
> case wouldn't be covered.

I can't think of any reason why that would be needed, and pam-afs-session
doesn't do that unless the application calling the PAM stack does
something weird.  (ssh is notorious for calling PAM in weird ways.)

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>