Bug 1031724 – Keyring ccaches should set timeout on the keyring

Bug 1031724 - Keyring ccaches should set timeout on the keyring

Summary:	Keyring ccaches should set timeout on the keyring

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	krb5 (Show other bugs)
Sub Component:
Version:	7.0
Hardware:	Unspecified Unspecified

Priority	low Severity low
Target Milestone:	rc
Target Release:	---
Assigned To:	Nalin Dahyabhai
QA Contact:	Patrik Kis
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2013-11-18 10:44 EST by Simo Sorce
Modified:	2014-06-17 21:08 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:	krb5-1.11.3-35.el7
Doc Type:	Enhancement
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2014-06-13 06:17:04 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1053033	None	None	None	Never

Groups: None (edit)

Description Simo Sorce 2013-11-18 10:44:04 EST

The keyring caches do not have an explicit timeout set.
Keyrings should be made to expire when the credentials they contain expire to avoid keeping kernel memory/tmpfs busy with useless data.

It is important on  big systems that have many users and all of them acquire kerberos credentials.

A patch to implement this feature is available upstream in commit: 29e60c5b7ac0980606971afc6fd6028bcf0c7f0f

Comment 3 Ludek Smid 2014-06-13 06:17:04 EDT

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.