SECRETS: Use separate quotas for /kcm and /secrets hives

This would differentiate between out-of-capacity errors for secrets and
for KCM as they are two independent trees as far as sssd-secrets is
concerned.

The quotas for /kcm are also different in their defaults. For the /secrets
hive, we presume a large amount of small secrets. For the /kcm hive, we
presume a small amount of large secrets, because the secret is a ccache
which contains multiple credentials.

The operations are also passed in a struct quota from the local request
context instead of local_context. The quota is assigned to the request
context when the hive is selected.

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/src/man/sssd-secrets.5.xml b/src/man/sssd-secrets.5.xml
index d50cb13d8..ba77d6232 100644
--- a/src/man/sssd-secrets.5.xml
+++ b/src/man/sssd-secrets.5.xml
@@ -196,7 +196,7 @@ systemctl enable sssd-secrets.service
                     can be stored in the hive.
                 </para>
                 <para>
-                    Default: 1024
+                    Default: 1024 (secrets hive), 256 (kcm hive)
                 </para>
                 </listitem>
             </varlistentry>
@@ -208,7 +208,7 @@ systemctl enable sssd-secrets.service
                     a secret payload in kilobytes.
                 </para>
                 <para>
-                    Default: 16
+                    Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)
                 </para>
                 </listitem>
             </varlistentry>