ccache using linux keyring

Chaskiel M Grundman cg2v at
Fri Apr 15 19:45:47 EDT 2005

(This message not sent to nfs4-wg. It may be forwarded there if that's 
--On Friday, April 15, 2005 13:55:38 -0400 Kevin Coffman 
<kwc at> wrote:

> The PAGE_SIZE limit on the keyring contents would limit a ccache to
> approximately 1000 tickets.  Does that sound like it will be a problem?
I don't think you get nearly that many.

PAGE_SIZE is 4096 on i386

I assume that this is the construct being referred to that limits the size 
of the keyring.

                size = sizeof(*klist) + sizeof(*key) * max;
                if (size > PAGE_SIZE)
                        goto error3;

struct keyring_list ('klist') is about 18 bytes on a 32 bit platform.
struct key (*key) is about 84 bytes on a 32 bit platform

That's 48 keys. That doesn't seem like that bad of a practical limit today, 
but I can imagine exceeding it eventually. The good news seems to be that 
the allocation limit does not apply to the entire keyring tree, but only 
each node (so, the session keyring is limited to 48 keys or subkeyring, but 
keys in an afs key ring do not count against keys in a krb5 keyring or in 
the session keyring itself)

More information about the krbdev mailing list