[OpenAFS] uw-imap & tokens

Miles Davis miles@CS.Stanford.EDU
Wed, 4 Apr 2007 09:44:09 -0700

On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
> On 4/4/07, Miles Davis <miles@cs.stanford.edu> wrote:
> >
> >OK, I've learned a bit about the kernel key management, and part of my
> >problem is they key quota. Anybody know offhand how to modify that?
> >I've been looking for the past hour or so and still can't find
> >anything...
> AFAIK, the only way I know of is to modify the kernel source.  See
> KEYQUOTA_MAX_KEYS and KEYQUOTA_MAX_BYTES in security/keys/internal.h.

Ah, there it is...bugger.

OK, maybe I need to look at a more fundamental problem: why is uid 0 
using so many keys to begin with?

Let me step back too, in case I'm on the wrong path. My symptom is 
that tokens are disappearing out from under users after a few minutes 
in a session. They're not expiring. Running "keyctl show" after ssh 
login shows that my keying is uid 0, but I don't know why. 

Session Keyring
       -3 --alswrv      0     0  keyring: _uid_ses.0
        2 --alswrv      0     0   \_ keyring: _uid.0
 29391168 ----s--v      0     0   \_ afs_pag: _pag

Something does show up under my uid in /proc/key-users:

 9766:     2 2/2 2/100 60/10000

// Miles Davis - miles@cs.stanford.edu - http://www.cs.stanford.edu/~miles
// Computer Science Department - Computer Facilities
// Stanford University