There's currently no easy way to adjust the default TTL. As of 0.5.8, you have to edit the MUNGE_DEFAULT_TTL define in src/libcommon/munge_defs.h and recompile.
The plan has always been to add a proper config file for parameters like this, but I haven't had a chance to do so yet. If this is going to cause you problems, let me know and I'll add a quick command-line option to munged to specify this default until I get around to doing a config file. -Chris On Mon, 2008-04-21 at 01:20pm CDT, Hien Nguyen wrote: > > Chris, > > I tried to increase the TTL time frame by adding option --time 1500 > into /etc/sysconfig/munge. Can I setup TTL in /etc/sysconfig/munge ? > What option I should use ? > > Regards, > > Hien Nguyen > Linux Technology Center (Austin) > Phone: (512) 838-4140 Tie Line: 678-4140 > e-mail: [EMAIL PROTECTED] > > > Chris Dunlap <[EMAIL PROTECTED]> > 04/21/2008 12:30 PM > > To > Hien Nguyen/Austin/[EMAIL PROTECTED] > cc > [email protected] > Subject > Re: [munge-users] expired credential > > A credential contains the time at which it was encoded. When it is > later decoded, it must be within +/- TTL seconds of this encode time > according to the local clock on the host performing the decode. > > The "expired credential" error indicates that more than TTL seconds > have elapsed sinced the credential was encoded (based on the local > clock). > > The analogous "rewound credential" error differs in that it indicates > the credential appears to have been encoded by more than TTL seconds > in the future. This means the clock on the decoding host is slower > than that of the encoding host by more than the credential's TTL > (which defaults to 300 seconds). > > So, in short, your clocks are likely out of sync by more than 5 > minutes. > > -Chris > > > On Mon, 2008-04-21 at 10:12am CDT, Hien Nguyen wrote: > > > > I have munge-0.5.8-1, and used munge as authentication when running > > slurm. the authentication failed because munge has expired > > credential. Can someone tell what needs to be done if munged has > > expired credential ? what does "rewound credential" mean ? > > (/etc/munge/munge.key is the same on two machines.) > > > > I have two machines: > > > > - The first one has the following: > > cluster-3 root]$ munge -n |ssh [EMAIL PROTECTED] unmunge > > [EMAIL PROTECTED]'s password: > > STATUS: Expired credential (15) > > ENCODE_HOST: cluster-3.ltc.austin.ibm.com (9.3.110.181) > > ENCODE_TIME: 2008-04-21 07:57:56 (1208789876) > > DECODE_TIME: 2008-04-21 14:57:55 (1208815075) > > TTL: 300 > > CIPHER: aes128 (4) > > MAC: sha1 (3) > > ZIP: none (0) > > UID: slurm (500) > > GID: slurm (500) > > LENGTH: 0 > > > > The second system has: > > [EMAIL PROTECTED] ~]# munge -n |ssh cluster-3 unmunge > > [EMAIL PROTECTED]'s password: > > STATUS: Rewound credential (16) > > ENCODE_HOST: cluster-6.ltc.austin.ibm.com (9.3.110.184) > > ENCODE_TIME: 2008-04-21 14:58:27 (1208815107) > > DECODE_TIME: 2008-04-21 07:58:39 (1208789919) > > TTL: 300 > > CIPHER: aes128 (4) > > MAC: sha1 (3) > > ZIP: none (0) > > UID: root (0) > > GID: root (0) > > LENGTH: 0 > > > > Regards, > > > > Hien Nguyen > > Linux Technology Center (Austin) > > Phone: (512) 838-4140 Tie Line: 678-4140 > > e-mail: [EMAIL PROTECTED] _______________________________________________ munge-users mailing list [email protected] https://mail.gna.org/listinfo/munge-users
