ccache using linux keyring
Chaskiel M Grundman
cg2v at andrew.cmu.edu
Fri Apr 15 19:45:47 EDT 2005
(This message not sent to nfs4-wg. It may be forwarded there if that's
appropriate)
--On Friday, April 15, 2005 13:55:38 -0400 Kevin Coffman
<kwc at citi.umich.edu> wrote:
> The PAGE_SIZE limit on the keyring contents would limit a ccache to
> approximately 1000 tickets. Does that sound like it will be a problem?
I don't think you get nearly that many.
PAGE_SIZE is 4096 on i386
I assume that this is the construct being referred to that limits the size
of the keyring.
size = sizeof(*klist) + sizeof(*key) * max;
if (size > PAGE_SIZE)
goto error3;
struct keyring_list ('klist') is about 18 bytes on a 32 bit platform.
struct key (*key) is about 84 bytes on a 32 bit platform
That's 48 keys. That doesn't seem like that bad of a practical limit today,
but I can imagine exceeding it eventually. The good news seems to be that
the allocation limit does not apply to the entire keyring tree, but only
each node (so, the session keyring is limited to 48 keys or subkeyring, but
keys in an afs key ring do not count against keys in a krb5 keyring or in
the session keyring itself)
More information about the krbdev
mailing list