Hi,
Every now and then I cannot login anymore after waking up from a suspend. I'm getting krb5_child: DIsk quota exceeded
I suspend my PC at the end of the working day. Most of the time I can unlock my screen after waking up. But now it happened two days in a row.
I have tried restarting sssd, certmonger (after logging in with a local user). That doesn't help. The only thing that seems to help is a reboot.
This happens on a Ubuntu 20.04 system with freeipa-client 4.8.6-1ubuntu2, sssd 2.2.3-3ubuntu0.6
Can anyone give me a hint how to enable more debug/logging? Or should I ask help in another ml?
On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi,
Every now and then I cannot login anymore after waking up from a suspend. I'm getting krb5_child: DIsk quota exceeded
I suspend my PC at the end of the working day. Most of the time I can unlock my screen after waking up. But now it happened two days in a row.
I have tried restarting sssd, certmonger (after logging in with a local user). That doesn't help. The only thing that seems to help is a reboot.
This happens on a Ubuntu 20.04 system with freeipa-client 4.8.6-1ubuntu2, sssd 2.2.3-3ubuntu0.6
Can anyone give me a hint how to enable more debug/logging? Or should I ask help in another ml?
Hi,
You need the output of: # cat /proc/key-users The first field is the UID, the fifth field is the number of bytes used and the maximum bytes the user may use.
François
-- Kees _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On 04-10-2021 11:04, François Cami via FreeIPA-users wrote:
On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi,
Every now and then I cannot login anymore after waking up from a suspend. I'm getting krb5_child: DIsk quota exceeded
I suspend my PC at the end of the working day. Most of the time I can unlock my screen after waking up. But now it happened two days in a row.
I have tried restarting sssd, certmonger (after logging in with a local user). That doesn't help. The only thing that seems to help is a reboot.
This happens on a Ubuntu 20.04 system with freeipa-client 4.8.6-1ubuntu2, sssd 2.2.3-3ubuntu0.6
Can anyone give me a hint how to enable more debug/logging? Or should I ask help in another ml?
Hi,
You need the output of: # cat /proc/key-users The first field is the UID, the fifth field is the number of bytes used and the maximum bytes the user may use.
François
OK thanks. I'll keep an eye on its progress, especially when the error occurs again.
-- Kees _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On 04-10-2021 11:04, François Cami via FreeIPA-users wrote:
On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi,
Every now and then I cannot login anymore after waking up from a suspend. I'm getting krb5_child: DIsk quota exceeded
I suspend my PC at the end of the working day. Most of the time I can unlock my screen after waking up. But now it happened two days in a row.
I have tried restarting sssd, certmonger (after logging in with a local user). That doesn't help. The only thing that seems to help is a reboot.
This happens on a Ubuntu 20.04 system with freeipa-client 4.8.6-1ubuntu2, sssd 2.2.3-3ubuntu0.6
Can anyone give me a hint how to enable more debug/logging? Or should I ask help in another ml?
Hi,
You need the output of: # cat /proc/key-users The first field is the UID, the fifth field is the number of bytes used and the maximum bytes the user may use.
François
Interesting. The default for a non-root user is 20000. I can easily reach that limit by running an ssh command to more than 15 hosts. I get a hostkey for each in the keyring. Each key takes roughly 1180 bytes. Right now I have occupied 19555/20000.
No new hostkey can be stored in the keyring but I can still connect to the remote systems. And I can still login on this system.
I'm guessing that login might become critical if the keyring gets occupied much closer to the 20000 limit. I don't how many bytes are needed at that point.
Besides all these observations we should try to improve the error message. Just "Disk quota exceeded" is not meaningful for the average user. -- Kees
-- Kees _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
On Mon, Oct 4, 2021 at 8:25 PM Kees Bakker via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 04-10-2021 11:04, François Cami via FreeIPA-users wrote:
On Mon, Oct 4, 2021 at 10:35 AM Kees Bakker via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
Hi,
Every now and then I cannot login anymore after waking up from a suspend. I'm getting krb5_child: DIsk quota exceeded
I suspend my PC at the end of the working day. Most of the time I can unlock my screen after waking up. But now it happened two days in a row.
I have tried restarting sssd, certmonger (after logging in with a local user). That doesn't help. The only thing that seems to help is a reboot.
This happens on a Ubuntu 20.04 system with freeipa-client 4.8.6-1ubuntu2, sssd 2.2.3-3ubuntu0.6
Can anyone give me a hint how to enable more debug/logging? Or should I ask help in another ml?
Hi,
You need the output of: # cat /proc/key-users The first field is the UID, the fifth field is the number of bytes used and the maximum bytes the user may use.
François
Interesting. The default for a non-root user is 20000. I can easily reach that limit by running an ssh command to more than 15 hosts. I get a hostkey for each in the keyring. Each key takes roughly 1180 bytes. Right now I have occupied 19555/20000.
Yes. https://man7.org/linux/man-pages/man7/keyrings.7.html should have all the details.
BTW, I think the big_key support detailed in: https://k5wiki.kerberos.org/wiki/Projects/Keyring_collection_cache should help, but how to use it in your case is best asked to your distribution developers.
No new hostkey can be stored in the keyring but I can still connect to the remote systems. And I can still login on this system.
I'm guessing that login might become critical if the keyring gets occupied much closer to the 20000 limit. I don't how many bytes are needed at that point.
Besides all these observations we should try to improve the error message. Just "Disk quota exceeded" is not meaningful for the average user.
That's for MIT krb5, if you want to report that.
François
-- Kees
-- Kees _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
freeipa-users@lists.fedorahosted.org