[OpenAFS] uw-imap & tokens
Jeffrey Hutzelman
jhutz@cmu.edu
Wed, 04 Apr 2007 15:07:45 -0400
On Wednesday, April 04, 2007 06:07:46 PM +0100 David Howells
<dhowells@redhat.com> wrote:
> How's the afs_pag key getting allocated? Is it by a PAM module?
No; it gets allocated by AFS as part of the setpag operation. Of course,
the setpag may be being called by a PAM module, but that should be fairly
irrelevant.
Without having looked at this in much detail, I'll hazard a guess as to
what's going on. I'll bet the PAG (and thus the key) are created while
sshd is still UID 0, and thus are being charged against UID 0's quota. If
this is the case, I would suggest not applying keyring quotas to UID 0; if
root wants to exhaust all the resources the machine has to offer, so be it.
-- Jeff