[OpenAFS] uw-imap & tokens

Kevin Coffman kwc@citi.umich.edu
Wed, 4 Apr 2007 12:57:31 -0400


On 4/4/07, Miles Davis <miles@cs.stanford.edu> wrote:
> On Wed, Apr 04, 2007 at 12:25:31PM -0400, Kevin Coffman wrote:
> > On 4/4/07, Miles Davis <miles@cs.stanford.edu> wrote:
> > >
> > >OK, I've learned a bit about the kernel key management, and part of my
> > >problem is the key quota. Anybody know offhand how to modify that?
> > >I've been looking for the past hour or so and still can't find
> > >anything...
> >
> > AFAIK, the only way I know of is to modify the kernel source.  See
> > KEYQUOTA_MAX_KEYS and KEYQUOTA_MAX_BYTES in security/keys/internal.h.
>
> Ah, there it is...bugger.
>
> OK, maybe I need to look at a more fundamental problem: why is uid 0
> using so many keys to begin with?
>
> Let me step back too, in case I'm on the wrong path. My symptom is
> that tokens are disappearing out from under users after a few minutes
> in a session. They're not expiring. Running "keyctl show" after ssh
> login shows that my keyring is uid 0, but I don't know why.
>
> Session Keyring
>        -3 --alswrv      0     0  keyring: _uid_ses.0
>         2 --alswrv      0     0   \_ keyring: _uid.0
>  29391168 ----s--v      0     0   \_ afs_pag: _pag
>
>
> Something does show up under my uid in /proc/key-users:
>
>  9766:     2 2/2 2/100 60/10000

This may or may not be related to the problem you are seeing, but keys
have an expiration that is separate from token expiration.  Perhaps
something to look at.

K.C.
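
As an added example (not part of the original thread), the following parses the `/proc/key-users` layout quoted above and reports which UIDs are close to their key-count or key-byte quota. The field names follow the kernel keys documentation; the uid 0 sample line, the 0.9 threshold and the function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in the /proc/key-users layout. The 9766 line is the one
# quoted in the thread; the uid 0 line is made up for illustration.
SAMPLE = """\
    0:   104 103/103 98/100 9120/10000
 9766:     2 2/2 2/100 60/10000
"""

class KeyUser(NamedTuple):
    uid: int
    usage: int      # reference count on the per-user record
    nkeys: int      # total keys owned by this UID
    nikeys: int     # of those, keys that are instantiated
    qnkeys: int     # keys counted against the quota
    maxkeys: int    # key-count quota
    qnbytes: int    # bytes counted against the quota
    maxbytes: int   # byte quota

LINE_RE = re.compile(
    r"^\s*(\d+):\s+(\d+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s+(\d+)/(\d+)\s*$")

def parse_key_users(text):
    """Return one KeyUser per well-formed line; other lines are skipped."""
    return [KeyUser(*map(int, m.groups()))
            for m in map(LINE_RE.match, text.splitlines()) if m]

def near_quota(users, threshold=0.9):
    """Return (uid, key_ratio, byte_ratio) for UIDs at or above threshold."""
    flagged = []
    for u in users:
        key_ratio = u.qnkeys / u.maxkeys if u.maxkeys else 0.0
        byte_ratio = u.qnbytes / u.maxbytes if u.maxbytes else 0.0
        if max(key_ratio, byte_ratio) >= threshold:
            flagged.append((u.uid, round(key_ratio, 2), round(byte_ratio, 2)))
    return flagged

if __name__ == "__main__":
    try:
        with open("/proc/key-users") as fh:   # live data on a Linux host
            data = fh.read()
    except OSError:
        data = SAMPLE                          # fall back to the sample
    for uid, k, b in near_quota(parse_key_users(data)):
        print(f"uid {uid}: {k:.0%} of key quota, {b:.0%} of byte quota")
```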