Bug 1031724 - Keyring ccaches should set timeout on the keyring
Keyring ccaches should set timeout on the keyring
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: krb5 (Show other bugs)
7.0
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Nalin Dahyabhai
Patrik Kis
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-18 10:44 EST by Simo Sorce
Modified: 2014-06-17 21:08 EDT (History)
3 users (show)

See Also:
Fixed In Version: krb5-1.11.3-35.el7
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 06:17:04 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 1053033 None None None Never

  None (edit)
Description Simo Sorce 2013-11-18 10:44:04 EST
The keyring caches do not have an explicit timeout set.
Keyrings should be made to expire when the credentials they contain expire to avoid keeping kernel memory/tmpfs busy with useless data.

It is important on  big systems that have many users and all of them acquire kerberos credentials.

A patch to implement this feature is available upstream in commit: 29e60c5b7ac0980606971afc6fd6028bcf0c7f0f
Comment 3 Ludek Smid 2014-06-13 06:17:04 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.