RHEL 6.5 Kernel key requests keep incrementing due to kerberos
Issue
-
We currently mount a few CIFS filesystems on our RHEL6.5 x64_64 servers using the request-key functionality + the automounter + sssd-kerberos-ldap. We can normally access the mounts fine.
-
I've continually increased the values in /proc/key-users (via sysctl), and we keep hitting the limits, giving us the "disk quota exceeded" when I try to access a CIFS mount:
$ ls -la /cifsmounts/dir/file
ls: cannot access /cifsmounts/dir/file: Disk quota exceeded
$ cat /proc/key-users
0: 56 55/33 50/200 2573/20000
603: 6 6/6 6/2000 178/200000
19812: 1939 1939/4 1939/2000 199992/200000
35302: 1999 1999/6 1999/2000 179343/200000
- I noticed that Kerberos is actively using the Kernel Key Retention service. The root user is hitting the top of the key count quota '200000':
# cat /proc/key-users
...
0: 200005 200004/526 199999/200000 6604151/100000000
Environment
- Red Hat Enterprise Linux 6.5
- Kerberos
- NFS
- CIFS
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.