RHEL 6.5 Kernel key requests keep incrementing due to kerberos

Solution Unverified - Updated -

Issue

  • We currently mount a few CIFS filesystems on our RHEL6.5 x64_64 servers using the request-key functionality + the automounter + sssd-kerberos-ldap. We can normally access the mounts fine.

  • I've continually increased the values in /proc/key-users (via sysctl), and we keep hitting the limits, giving us the "disk quota exceeded" when I try to access a CIFS mount:

$ ls -la /cifsmounts/dir/file 
ls: cannot access /cifsmounts/dir/file: Disk quota exceeded
$ cat /proc/key-users 
    0:    56 55/33 50/200 2573/20000
  603:     6 6/6 6/2000 178/200000
19812:  1939 1939/4 1939/2000 199992/200000
35302:  1999 1999/6 1999/2000 179343/200000
  • I noticed that Kerberos is actively using the Kernel Key Retention service. The root user is hitting the top of the key count quota '200000':
# cat /proc/key-users
...
    0: 200005 200004/526 199999/200000 6604151/100000000

Environment

  • Red Hat Enterprise Linux 6.5
  • Kerberos
  • NFS
  • CIFS

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content