From 940002ca21abde53ad81df622d1f4dd3b5e8e014 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 30 Nov 2018 13:34:22 +0100
Subject: [PATCH 20/23] SECRETS: Don't limit the global number of ccaches
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Related:
https://pagure.io/SSSD/sssd/issue/3386

In the KCM context, the global number of ccaches would limit the number
of users who can store their ccaches in the KCM daemon.

In more detail, the options have the following semantics with KCM:
    - DEFAULT_SEC_KCM_MAX_SECRETS - global number of secrets, would
    cover both how many ccaches can a user store, but this is better
    served with DEFAULT_SEC_KCM_MAX_UID_SECRETS

    - DEFAULT_SEC_KCM_MAX_UID_SECRETS - how many 'principals' can a user
    kinit with

    - DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE - the payload size of service
    tickets

With the above in mind, I think the most important limits are
max_uid_secrets to limit and the payload size to constrain how much
space a user can occupy and it doesn't make much sense to limit the
global quota.

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
 src/util/secrets/secrets.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/secrets/secrets.h b/src/util/secrets/secrets.h
index 31164bd86..9cf397516 100644
--- a/src/util/secrets/secrets.h
+++ b/src/util/secrets/secrets.h
@@ -39,7 +39,7 @@
  * but the secret size must be large because one secret in the /kcm
  * hive holds the whole ccache which consists of several credentials
  */
-#define DEFAULT_SEC_KCM_MAX_SECRETS      256
+#define DEFAULT_SEC_KCM_MAX_SECRETS      0          /* unlimited */
 #define DEFAULT_SEC_KCM_MAX_UID_SECRETS  64
 #define DEFAULT_SEC_KCM_MAX_PAYLOAD_SIZE 65536
 
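Review bot: on the `DEFAULT_SEC_KCM_MAX_SECRETS` line, the meaning of 0 is carried only by the trailing `/* unlimited */` comment, and nothing in this hunk shows that the code enforcing the quota treats 0 as "no limit" rather than "no secrets allowed". Please confirm that path, or point to the patch in this series that handles it, and add a sentence to the comment block above the defines saying that 0 disables the global cap. With the global cap gone, the remaining defaults bound each user at 64 secrets of 65536 bytes, about 4 MiB per UID, but total KCM storage now grows with the number of UIDs on the host; stating that in the same comment would tell administrators of hosts with many users that the global option is the setting to tune.
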
-- 
2.20.1