[OpenAFS-devel] linux keyrings, PAGs and KEY_ALLOC_IN_QUOTA

Björn Torkelsson torkel@hpc2n.umu.se
Wed, 31 Mar 2010 23:29:44 +0200


On Tue, 2010-03-16 at 09:54 -0700, Russ Allbery wrote:
> Rainer Toebbicke <rtb@pclella.cern.ch> writes:
> 
> > Under RHEL5 the keyring quota is 100, hard-coded as far as I can see,
> > and already 50 sshd sessions fill it up (with the standard red-hat
> > pam_krb5, sshd/pam seems to setpag() as root, each counting as two
> > entries, even though the user seems to run in yet another pag).
> 
> With the kernel in Debian lenny at least you can increase the quota via
> sysctl (kernel.keys.maxkeys and kernel.keys.root_maxkeys).  We do that
> globally on all of our systems.  I'm not sure if RHEL5 is too old to ha=
ve
> a similar tuning parameter.

There is a redhat bug about it:

	https://bugzilla.redhat.com/show_bug.cgi?id=441243

/Björn