Bug 1031724

Summary: Keyring ccaches should set timeout on the keyring
Product: Red Hat Enterprise Linux 7 Reporter: Simo Sorce <ssorce>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE QA Contact: Patrik Kis <pkis>
Severity: low Docs Contact:
Priority: low    
Version: 7.0CC: dpal, pkis, sgallagh
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: krb5-1.11.3-35.el7 Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-13 10:17:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Simo Sorce 2013-11-18 15:44:04 UTC 
The keyring caches do not have an explicit timeout set.
Keyrings should be made to expire when the credentials they contain expire to avoid keeping kernel memory/tmpfs busy with useless data.

It is important on  big systems that have many users and all of them acquire kerberos credentials.

A patch to implement this feature is available upstream in commit: 29e60c5b7ac0980606971afc6fd6028bcf0c7f0f
Comment 3 Ludek Smid 2014-06-13 10:17:04 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.