Coda File System

Re: token expiry 25 hours

From: <u+codalist-wk5r_at_chalmers.se>
Date: Tue, 25 Nov 2008 19:21:32 +0100
Hej Roger!

On Tue, Nov 25, 2008 at 11:51:15AM -0330, Roger Mason wrote:
> I have set up a cluster of linux boxes that are coda clients.  The aim
> is to share a filesystem in which calculations will be performed using
> pbs scheduling.  Everything is fine when I remember to clog on all

I am a bit curious, have you arranged the writes so that there are
no opportunity for conflicts? (are there suitable provisions in pbs?)

> the machines in the cluster.  However I am concerned about what will
> happen when a token expires before a given client completes its task
> and writes files.

You have to teach the uid running the jobs to regularly refetch
tokens. Like

while sleep 18000; do
  clog pbsrunner_at_rogers.coda.realm </protected/local/file/with/password
done

or let cron do that.

> Is there some way that I can make the token permanent, i.e. last until
> I explicitly cunlog?  Failing that, is there some way that I can set

Passwords are the "indefinitely valid" proof of identity.
One of the useful properties of tokens is that they expire
and as such are harder to steal for later use.
If you do not want any expiry, you can as well use the password.
Then can you explicitely "disable" the old password by changing it.

> the expiry time?  I looked in the documentation but did not see a
> mention of this.

There is a possibility to generate tokens with arbitrary validity
periods, but as much as I can see, your need is for "infinite" validity.

Given the realm secret, you can generate arbitrary tokens
with clog -method generate. I don't think though that you want to bother
generating long-lived tokens. It is much simpler to use passwords
and change them when desired.

Regards,
Rune
Received on 2008-11-25 13:22:50