On Mon, Oct 4, 2021 at 8:25 PM Kees Bakker via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote: > > On 04-10-2021 11:04, François Cami via FreeIPA-users wrote: > > On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users > > <freeipa-users@lists.fedorahosted.org> wrote: > >> Hi, > >> > >> Every now and then I cannot login anymore after waking up from a suspend. > >> I'm getting krb5_child: DIsk quota exceeded > >> > >> I suspend my PC at the end of the working day. Most of the time I can > >> unlock > >> my screen after waking up. But now it happened two days in a row. > >> > >> I have tried restarting sssd, certmonger (after logging in with a local > >> user). > >> That doesn't help. > >> The only thing that seems to help is a reboot. > >> > >> This happens on a Ubuntu 20.04 system with freeipa-client 4.8.6-1ubuntu2, > >> sssd 2.2.3-3ubuntu0.6 > >> > >> Can anyone give me a hint how to enable more debug/logging? Or should > >> I ask help in another ml? > > Hi, > > > > You need the output of: > > # cat /proc/key-users > > The first field is the UID, the fifth field is the number of bytes > > used and the maximum bytes the user may use. > > > > François > Interesting. The default for a non-root user is 20000. I can easily > reach that limit by running an ssh command to more than 15 > hosts. I get a hostkey for each in the keyring. Each key takes roughly > 1180 bytes. Right now I have occupied 19555/20000.
Yes. https://man7.org/linux/man-pages/man7/keyrings.7.html should have all the details. BTW, I think the big_key support detailed in: https://k5wiki.kerberos.org/wiki/Projects/Keyring_collection_cache should help, but how to use it in your case is best asked to your distribution developers. > No new hostkey can be stored in the keyring but I can still connect to > the remote systems. And I can still login on this system. > > I'm guessing that login might become critical if the keyring gets occupied > much closer to the 20000 limit. I don't how many bytes are needed at that > point. > > Besides all these observations we should try to improve the error message. > Just "Disk quota exceeded" is not meaningful for the average user. That's for MIT krb5, if you want to report that. François > -- Kees > > >> -- > >> Kees > >> _______________________________________________ > >> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > >> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > >> Fedora Code of Conduct: > >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > >> List Archives: > >> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > >> Do not reply to spam on the list, report it: > >> https://pagure.io/fedora-infrastructure > > _______________________________________________ > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
