[OpenAFS] uw-imap & tokens
Wed, 04 Apr 2007 20:33:34 +0100
Jeffrey Hutzelman <firstname.lastname@example.org> wrote:
> No; it gets allocated by AFS as part of the setpag operation. Of course, the
> setpag may be being called by a PAM module, but that should be fairly
> Without having looked at this in much detail, I'll hazard a guess as to what's
> going on. I'll bet the PAG (and thus the key) are created while sshd is still
> UID 0, and thus are being charged against UID 0's quota.
That'd be my bet too. I suspect that the PAM module (if that's what it is)
that issued setpag occurs before the pam_keyinit PAM module also.
> If this is the case, I would suggest not applying keyring quotas to UID 0;
> if root wants to exhaust all the resources the machine has to offer, so be
That's not a good solution. The afs_pag gets attached to the root user's
default session keyring, displacing any afs_pag that was previously there.
What does the setpag code look like?