On 02/24/2014 03:11 PM, Ewan MacMahon wrote:
> It should be set to something shorter, let's say about an hour for
> now. Secondly, the PDP has a 'retention interval' for which it will
> cache a result, so it's possible for it to remember an authorisation
> for a while even after a new policy has been downloaded, during which
> time a DN could appear to be suspended by policy, but actually still
> be allowed to log in to things. That period is also set to four hours
> by default, and that needs to be much shorter; there isn't an upstream
> recommendation for this at the moment, but I'm experimenting with
> twenty minutes on the Oxford site ARGUS.
Hi Ewan, Orlin,
*** Progress Report ***
To set the polling interval, I'm assuming this command.
pap-admin set-polling-interval 3600
To set the retention interval, I'm editing /etc/argus/pdp/pdp.ini like this:
:%s/retentionInterval = 240/retentionInterval = 20/
Question: I need to know what to set this to for UK NGI:
pap-admin add-pap ngi argus-ngi.example.org "CN=argus-ngi.example.org,OU=example,O=hosts,O=VL-e P4"
Any idea of the right server/DN?
Cheers,
Steve
--
Steve [log in to unmask]
System Administrator office: 220
High Energy Physics Division tel (int): 42334
Oliver Lodge Laboratory tel (ext): +44 (0)151 794 2334
University of Liverpoolhttp://www.liv.ac.uk/physics/hep/
|