-
Notifications
You must be signed in to change notification settings - Fork 47
Secure Memory Limitations
When that happens, it's very likely due to secure memory. Most operating systems have sane defaults, while some others have a very low value. For OTPClient, it is suggested to have a memlock limit either greater than 65536 KiB (64 MiB) or unlimited. You can check that with ulimit -l, which will show the maximum size of memory, in KB, that can be locked into RAM.
If you execute the program from the terminal, you should see something similar to the following:
couldn't lock 16384 bytes of memory (secret_file_backend): Cannot allocate memory
or
couldn't lock 16384 bytes of memory (secret_session): Cannot allocate memory
or
couldn't allocate secure memory
If the same should happen also to you, please before opening an issue here on GitHub try to increase the memlock value by following the steps written below.
- if
pam_limitsisn't found in/etc/pam.d/(from terminalgrep -rni pam_limits /etc/pam.d/), append to the file/etc/pam.d/common-sessionthe following text:
session required pam_limits.so
- then, locate if a file containing the limits exists with
grep -rni memlock /etc/security/. If none exists, you can create a file called, for example,/etc/security/limits.d/memlock.confand add the following text:
<your_username> soft memlock unlimited
<your_username> hard memlock unlimited
where <your_username> is the username you use to login. You can get that string, for example, by executing whoami from the terminal.
Reboot the system and now ulimit -l should show you unlimited or whatever other value you have chosen.