[OpenAFS] uw-imap & tokens
Wed, 4 Apr 2007 12:57:31 -0400
On 4/4/07, Miles Davis <firstname.lastname@example.org> wrote:
> On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
> > On 4/4/07, Miles Davis <email@example.com> wrote:
> > >
> > >OK, I've learned a bit about the kernel key management, and part of my
> > >problem is they key quota. Anybody know offhand how to modify that?
> > >I've been looking for the past hour or so and still can't find
> > >anything...
> > AFAIK, the only way I know of is to modify the kernel source. See
> > KEYQUOTA_MAX_KEYS and KEYQUOTA_MAX_BYTES in security/keys/internal.h.
> Ah, there it is...bugger.
> OK, maybe I need to look at a more fundamental problem: why is uid 0
> using so many keys to begin with?
> Let me step back too, in case I'm on the wrong path. My symptom is
> that tokens are disappearing out from under users after a few minutes
> in a session. They're not expiring. Running "keyctl show" after ssh
> login shows that my keying is uid 0, but I don't know why.
> Session Keyring
> -3 --alswrv 0 0 keyring: _uid_ses.0
> 2 --alswrv 0 0 \_ keyring: _uid.0
> 29391168 ----s--v 0 0 \_ afs_pag: _pag
> Something does show up under my uid in /proc/key-users:
> 9766: 2 2/2 2/100 60/10000
This may or may not be related to the problem you are seeing, but keys
have an expiration that is separate from token expiration. Perhaps
something to look at.