ccache using linux keyring

Ken Raeburn raeburn at MIT.EDU
Fri Apr 15 18:19:31 EDT 2005

On Apr 15, 2005, at 13:55, Kevin Coffman wrote:
> The PAGE_SIZE limit on the keyring contents would limit a ccache to
> approximately 1000 tickets.  Does that sound like it will be a problem?

Is that ~1000 total entries in the key ring, counting each Kerberos 
ticket and the principal name for each ccache, and each AFS token (one 
per cell, though I vaguely recall hearing someone suggest per-server 
authentication, which would greatly increase this number), and whatever 
else is stored there?

That could add up to quite a lot for some people, I would guess.  But 
if it filled, some sort of LRU scheme could evict some entries which 
are useless or would be easily re-acquired (say, any Kerberos tickets 
but your initial one, or any that are about to expire in five seconds 
anyways, or an older one for the same service and same flags but an 
earlier expiration) when more space is needed.  Wouldn't be ideal, but 
it might work.

For most people, I think ~1000 tickets is way more than enough....


More information about the krbdev mailing list