ccache using linux keyring

Ken Raeburn raeburn at MIT.EDU
Fri Apr 15 18:19:31 EDT 2005


On Apr 15, 2005, at 13:55, Kevin Coffman wrote:
> The PAGE_SIZE limit on the keyring contents would limit a ccache to
> approximately 1000 tickets.  Does that sound like it will be a problem?

Is that ~1000 total entries in the key ring, counting each Kerberos 
ticket and the principal name for each ccache, and each AFS token (one 
per cell, though I vaguely recall hearing someone suggest per-server 
authentication, which would greatly increase this number), and whatever 
else is stored there?

That could add up to quite a lot for some people, I would guess.  But 
if it filled, some sort of LRU scheme could evict some entries which 
are useless or would be easily re-acquired (say, any Kerberos tickets 
but your initial one, or any that are about to expire in five seconds 
anyways, or an older one for the same service and same flags but an 
earlier expiration) when more space is needed.  Wouldn't be ideal, but 
it might work.

For most people, I think ~1000 tickets is way more than enough....

Ken
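
The eviction order suggested in the message above, sketched as an added example that is not part of the original post and is not MIT krb5 or kernel keyring code. The `cc_entry` struct, `pick_victim`, and the sample entries are hypothetical, and the three-tier ranking with least-recently-used tie-breaking is one assumed reading of the suggestion.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical view of one cached ticket; not a krb5 or keyring type. */
struct cc_entry {
    const char *server;        /* service principal name */
    unsigned flags;            /* ticket flags */
    time_t endtime, last_used; /* expiration and last-access times */
    int is_initial;            /* initial ticket: never evicted */
};

/* Nonzero if another entry has the same service and flags but expires later. */
static int superseded(const struct cc_entry *e, size_t n, size_t i)
{
    for (size_t j = 0; j < n; j++)
        if (j != i && e[j].flags == e[i].flags &&
            strcmp(e[j].server, e[i].server) == 0 && e[j].endtime > e[i].endtime)
            return 1;
    return 0;
}

/* Index of the entry to evict, or -1 if only initial tickets remain.
 * Rank 0: expires within five seconds; rank 1: superseded duplicate;
 * rank 2: any other ticket. Ties go to the least recently used. */
int pick_victim(const struct cc_entry *e, size_t n, time_t now)
{
    int best = -1, best_rank = 3;
    for (size_t i = 0; i < n; i++) {
        if (e[i].is_initial) continue;
        int rank = (e[i].endtime - now <= 5) ? 0 : superseded(e, n, i) ? 1 : 2;
        if (rank < best_rank ||
            (rank == best_rank && e[i].last_used < e[best].last_used)) {
            best = (int)i;
            best_rank = rank;
        }
    }
    return best;
}

/* Constructed sample cache; times are arbitrary seconds, not real data. */
const struct cc_entry sample[] = {
    { "krbtgt/EXAMPLE.COM", 0, 5000, 900, 1 },
    { "host/a.example.com", 0, 3000, 100, 0 },
    { "host/a.example.com", 0, 4000, 800, 0 },
    { "imap/m.example.com", 0, 1003, 950, 0 },
    { "afs/example.com",    0, 4500,  50, 0 },
};
int main(void) { printf("evict index %d\n", pick_victim(sample, 5, 1000)); return 0; }
```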


