RE: Administrative control of proxy lifetime?
Jim,
If you can get a configurable max lifetime in there, that would
be great. Any idea when the next rev will be out?
Steve
-----Original Message-----
From: owner-myproxy-users@ncsa.uiuc.edu
[mailto:owner-myproxy-users@ncsa.uiuc.edu] On Behalf Of Jim Basney
Sent: Thursday, January 29, 2004 5:48 PM
To: Steve Chan
Cc: myproxy-users@ncsa.uiuc.edu
Subject: Re: Administrative control of proxy lifetime?
Steve,
Yes, I can add this feature for the next release. Note that if you're
using myproxy-admin-adduser or myproxy-admin-load-credential, you can
set
the maximum lifetime with the -t option. The maximum lifetime for
retrieved credentials is 12 hours by default if not overridden by the -t
option of myproxy-init, myproxy-admin-adduser, or
myproxy-admin-load-credential.
-Jim
At 07:17 PM 1/29/2004, Steve Chan wrote:
> Are there any plans to put a server config that will put a
> cap on the maximum lifetime for a proxy credential?
>
>
>
> Wed like to prevent users from getting what is essentially
a
> long lived certificate (say, a proxy cert good for 12 months) and
leaving
> it laying around for convenience.
>
>
>
> I dont see anything in the configuration docs that address
> this, and it has come up several times already in discussions about
> myproxy. If it isnt in the pipeline, can we get it added in there?
>
>
>
> Thanks,
>
> Steve