Re: [cas-user] Fwd: Issues with cas-password-manager

[shyam soundar]

Hi john,

Thanks for the info. I see messages_en.properties &
cas-theme-default.properties resides in WEB-INF/classes. Any suggestions

Thanks
Shyam

On Tue, Oct 14, 2014 at 9:17 PM, John Gasper  wrote:

>  I've see nthe Theme error before, but I don't remember the exact cause.
> The first thing off the top of my head is that there is a missing
> messages_en.properties file or a missing cas-theme-default.properties from
> the WEB-INF/classes/.
>
> If the insufficient privileges error isn't because the account changing
> the password doesn't have enough privileges then I'm not sure what else it
> could be.
>
>
>
>  On 10/13/14 9:58 PM, shyam soundar wrote:
>
>  Hi John,
>
>  Thanks for your suggestion. What about other 2 issues i have mentioned.
>
> 2014-10-13 10:32:41,383 WARN [org.springframework.context.
> support.ResourceBundleMessageSource] -  for MessageSource: Can't find bundle for base name theme, locale en_US>
> 2014-10-13 10:32:41,383 WARN
> [org.springframework.context.support.ResourceBundleMessageSource] -
>  base name theme, locale en_US>
> *2014-10-13 10:32:41,383 ERROR [org.springframework.web.*
> *servlet.tags.ThemeTag] -  'standard.custom.css.file' for locale 'en_US'.> 
> javax.servlet.jsp.**JspTagException:
> Theme 'theme': No message found under code 'standard.custom.css.file' for
> locale 'en_US'.*
>
>  *While changing password*
>
> 2014-10-13 10:35:34,358 ERROR [net.unicon.cas.
> passwordmanager.flow.ProcessChangePasswordAction] -  changing user's password.>
> org.springframework.ldap.NoPermissionException: [LDAP: error code 50 -
> 0005: SecErr: DSID-031A1169, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
> ^@]; nested exception is javax.naming.NoPermissionException: [LDAP: error
> code 50 - 0005: SecErr: DSID-031A1169, problem 4003
> (INSUFF_ACCESS_RIGHTS), data 0
>
>  Thanks
> Shyam
>
>
> On Mon, Oct 13, 2014 at 8:24 PM, John Gasper  wrote:
>
>>  The PKIX error is SSL related. "unable to find valid certification path
>> to requested target" tells us it can't find a valid certificate chain for
>> the presented cert. Most likely you are connecting to LDAP via SSL and the
>> cert isn't trusted by Java. You'll need to add the root cert in to Java's
>> cacerts file. There's lots of resources available via Google to help you
>> with that.
>>
>> ---
>> *John Gasper*
>> IAM Consultant
>> Unicon, Inc.
>> PGP/GPG Key: 0xbafee3ef
>>
>>   On 10/13/14 4:13 AM, shyam soundar wrote:
>>
>>
>>   Hi,
>>
>>   I am playing with cas-password-manager & facing some issues related to
>> ldap & theme.
>>
>>  *Ref: https://github.com/Unicon/cas-password-manager
>> *
>>
>>  *Please find the error log below*
>>
>>
>>at java.lang.Thread.run(Thread.java:701)
>> Caused by: sun.security.validator.ValidatorException: PKIX path building
>> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
>> to find valid certification path to requested target
>> at
>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
>> at
>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
>> at sun.security.validator.Validator.validate(Validator.java:235)
>> at
>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
>> at
>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
>> at
>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
>> at
>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1147)
>> ... 48 more
>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>> unable to find valid certification path to requested target
>> at
>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
>> at
>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
>> at
>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
>> ... 54 more
>> 2014-10-13 10:32:41,383 WARN
>> [org.springframework.context.support.ResourceBundleMessageSource] -
>> > base name theme, locale en_US>
>> 2014-10-13 10:32:41,383 WARN
>> [org.springframework.context.support.ResourceBundleMessageSource] -
>> > base name theme, locale en_US>
>> 2014-10-13 10:32:41,383 ERROR
>> [org.springframework.web.servlet.tags.ThemeTag] - > message found under code 'standard.custom.css.file' for locale 'en_US'.>
>> javax.servlet.jsp.JspTagException: Theme 'theme': No message found under
>> code 'standard.custom.css.file' for locale 'en_US'.
>>
>>  *While changing password*
>>
>> 2014-10-13 10:35:34,358 ERROR
>> [net.unicon.cas.passwordmanager.flow.ProcessChangePasswordAction] -
>> 
>> org.springframework.ldap.NoPermissionException: [LDAP: error code 50 -
>> 0005: SecErr: DSID-031A1169, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>> ^@]; nested exception is javax.naming.NoPer

Re: [cas-user] Fwd: Issues with cas-password-manager

[shyam soundar]

Hi john,

FYI

Copying cas-theme-default.properties to theme.properties resolves it



Thanks
Shyam

On Wed, Oct 15, 2014 at 2:02 PM, shyam soundar 
wrote:

> Hi john,
>
> Thanks for the info. I see messages_en.properties &
> cas-theme-default.properties resides in WEB-INF/classes. Any suggestions
>
> Thanks
> Shyam
>
> On Tue, Oct 14, 2014 at 9:17 PM, John Gasper  wrote:
>
>>  I've see nthe Theme error before, but I don't remember the exact cause.
>> The first thing off the top of my head is that there is a missing
>> messages_en.properties file or a missing cas-theme-default.properties from
>> the WEB-INF/classes/.
>>
>> If the insufficient privileges error isn't because the account changing
>> the password doesn't have enough privileges then I'm not sure what else it
>> could be.
>>
>>
>>
>>  On 10/13/14 9:58 PM, shyam soundar wrote:
>>
>>  Hi John,
>>
>>  Thanks for your suggestion. What about other 2 issues i have mentioned.
>>
>> 2014-10-13 10:32:41,383 WARN [org.springframework.context.
>> support.ResourceBundleMessageSource] - > for MessageSource: Can't find bundle for base name theme, locale en_US>
>> 2014-10-13 10:32:41,383 WARN
>> [org.springframework.context.support.ResourceBundleMessageSource] -
>> > base name theme, locale en_US>
>> *2014-10-13 10:32:41,383 ERROR [org.springframework.web.*
>> *servlet.tags.ThemeTag] - > 'standard.custom.css.file' for locale 'en_US'.> 
>> javax.servlet.jsp.**JspTagException:
>> Theme 'theme': No message found under code 'standard.custom.css.file' for
>> locale 'en_US'.*
>>
>>  *While changing password*
>>
>> 2014-10-13 10:35:34,358 ERROR [net.unicon.cas.
>> passwordmanager.flow.ProcessChangePasswordAction] - > changing user's password.>
>> org.springframework.ldap.NoPermissionException: [LDAP: error code 50 -
>> 0005: SecErr: DSID-031A1169, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>> ^@]; nested exception is javax.naming.NoPermissionException: [LDAP: error
>> code 50 - 0005: SecErr: DSID-031A1169, problem 4003
>> (INSUFF_ACCESS_RIGHTS), data 0
>>
>>  Thanks
>> Shyam
>>
>>
>> On Mon, Oct 13, 2014 at 8:24 PM, John Gasper  wrote:
>>
>>>  The PKIX error is SSL related. "unable to find valid certification
>>> path to requested target" tells us it can't find a valid certificate chain
>>> for the presented cert. Most likely you are connecting to LDAP via SSL and
>>> the cert isn't trusted by Java. You'll need to add the root cert in to
>>> Java's cacerts file. There's lots of resources available via Google to help
>>> you with that.
>>>
>>> ---
>>> *John Gasper*
>>> IAM Consultant
>>> Unicon, Inc.
>>> PGP/GPG Key: 0xbafee3ef
>>>
>>>   On 10/13/14 4:13 AM, shyam soundar wrote:
>>>
>>>
>>>   Hi,
>>>
>>>   I am playing with cas-password-manager & facing some issues related to
>>> ldap & theme.
>>>
>>>  *Ref: https://github.com/Unicon/cas-password-manager
>>> *
>>>
>>>  *Please find the error log below*
>>>
>>>
>>>at java.lang.Thread.run(Thread.java:701)
>>> Caused by: sun.security.validator.ValidatorException: PKIX path building
>>> failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
>>> to find valid certification path to requested target
>>> at
>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:324)
>>> at
>>> sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:224)
>>> at sun.security.validator.Validator.validate(Validator.java:235)
>>> at
>>> sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
>>> at
>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
>>> at
>>> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
>>> at
>>> sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1147)
>>> ... 48 more
>>> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
>>> unable to find valid certification path to requested target
>>> at
>>> sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:197)
>>> at
>>> java.security.cert.CertPathBuilder.build(CertPathBuilder.java:255)
>>> at
>>> sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:319)
>>> ... 54 more
>>> 2014-10-13 10:32:41,383 WARN
>>> [org.springframework.context.support.ResourceBundleMessageSource] -
>>> >> base name theme, locale en_US>
>>> 2014-10-13 10:32:41,383 WARN
>>> [org.springframework.context.support.ResourceBundleMessageSource] -
>>> >> base name theme, locale en_US>
>>> 2014-10-13 10:32:41,383 ERROR
>>> [org.springframework.web.servlet.tags.ThemeTag] - >> message found under code 'standard.custom.css.file' for locale 'en_US'.>
>>> javax.servlet.jsp.JspTagException: Theme 'theme': No message found under
>>> code 'standard.custom.css.file' for locale 'en_US'.
>>>
>>>  *While changing password*
>>>
>>> 2014-10-13 10

RE: [cas-user] Cas Server 4.0 | Understanding Attribute Release

[Misagh Moayyed]

I was able to duplicate this. There is a discrepancy between CAS views and 
SAML views; PrimaryAuthn is used in one but not the other.



Submitted this issue to track:

https://github.com/Jasig/cas/issues/722



For the time being, would you be able to point your CAS client to 
/p3/serviceValidate and not use SAML? That should get you only the 
attributes you allowed.



From: Carlos Olivera [mailto:carlosroliv...@gmail.com]
Sent: Tuesday, October 14, 2014 7:45 AM
To: cas-user@lists.jasig.org
Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; 
daniel.char...@unice.fr
Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release



Ok, now I have more information about this issue, I know where the problem 
is located but I don't know why it happens.



I will enumerate all relevant steps from getting the attributes to saml 
creation of attributes (At least how I think it works)

1.  CentralAuthenticationServiceImpl: createTicketGrantingTicket(final 
Credential... credentials) calls 
this.authenticationManager.authenticate(credentials)
2.  authenticateUsernamePasswordInternal: In this method, I get the user 
from 
DB and load all its attributes. I return: createHandlerResult(credential, 
new SimplePrincipal(username, atributos), null); "atributos" contains all 
the user attributes. So, from now on, Principal will have all the 
attributes, in my test "name" and "lastname"
3.  CentralAuthenticationServiceImpl: createTicketGrantingTicket(final 
Credential... credentials) creates the ticket. The ticket has an 
Authentication object which contains the Principal created.
4.  At some point the code hits validateServiceTicket and finishes 
returning 
an ImmutableAssertion with the following attributes:

*   primary (Authentication), it's and Authentication object with a 
modifiedPrincipal. This particular principal has all the attributes I want 
because it went through all the necessary filters.
*   chained (List), this list references to 
serviceTicket.getGrantingTicket().getChainedAuthentications(), it only has 
one item, and the principal contained in that Authentication item is the 
first one created with all the attributes.

5.  At last, the code hits Saml10SuccessResponseView.prepareResponse, the 
first line gets an Authentication object from:

*   final Authentication authentication = 
getAssertionFrom(model).getChainedAuthentications().get(0); and from that 
Authentication retrieves all the attributes.

In a simple test, I changed

 getAssertionFrom(model).getChainedAuthentications().get(0)

to

getAssertionFrom(model).getPrimaryAuthentication()



and it works, now I'm getting only the attributes that I want in the client.



I'm sure this isn't a viable solution, because I'm messing with 
Saml10SuccessResponseView and I shouldn't, but I wanted to know if that was 
the problem. With all this new information, maybe some of you could tell me 
what I'm doing wrong and guide me in the right direction.



Thanks in advance.


El lunes, 13 de octubre de 2014 12:26:34 UTC-2, daniel@unice.fr 
  escribió:

Me yeah, SAML 1.1 with an function php which does just a getAttribute().



-

Daniel CHARLOT

D.S.I. Université de Nice Sophia-Antipolis

Administrateur Systèmes et Réseaux

28, avenue de Valrose - BP 2135 - 06103 NICE

Tél : 04-92-07-67-07





















Le 13 oct. 2014 à 16:18, Misagh Moayyed  > 
a écrit :





Nothing jumps out at me in your configuration. I’ll run some tests to see if 
I can duplicate the error and provide an explanation.



Do I remember correctly that you said you were using SAML 1.1 to get 
attributes?



From: Carlos Olivera [  mailto:car...@gmail.com]
Sent: Monday, October 13, 2014 5:00 AM
To:   cas-...@lists.jasig.org
Cc:   daniel@unice.fr
Subject: Re: [cas-user] Cas Server 4.0 | Understanding Attribute Release



Sorry, the client code to retrieve the attributes is:





AttributePrincipal principal = 
(AttributePrincipal)request.getUserPrincipal();

Map attributes = principal.getAttributes();



2014-10-13 9:50 GMT-02:00 Carlos Olivera <  
carlosr...@gmail.com>:

I tried to debug the code in order to figure out when the principal was 
saved with all the attributes. I got the following Assertion 
(ImmutableAssertion) object created (ServiceValidateController):



*   primaryAuthentication (ImmutableAuthentication): The Principal has an 
empty list of attributes, wich is what I need according to my configuation.
*   chainedAuthentications (List): Return a list 
with 
only one item, but in that case the Principal in the Authentication object 
has ALL the attributes of the user.

Is that the standard behaviour in the login proccess?



Something I haven't said yet, to retrieve the attributes from the client I 
use the following code:

AttributePrincipal principal = (AttributePrincipal)request.

Map attributes = principal.getAttr

[cas-user] Trouble setting up clearpass

[Adam Causey]

I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
instructions found here: https://wiki.jasig.org/display/casum/clearpass .
However, it my test client when I call the /clearPass endpoint I get a 404
Not Found response.

I checked to make sure the /clearPass is being mapping with the defined
HandlerMapping in clearpass-configuration.xml, and everything looks fine.
There are no errors in my logs.

Any advice on getting this setup?

Thanks!

Adam Causey
Virginia Commonwealth University

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] HA architectures for CAS

[Adam Causey]

I am looking into the HazelcastRegistry.  It seems fine so far in a test
environment, but I have not load tested it.  A few others indicated they
are using it in a production environment.  It's very easy to setup.

https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry

We are also moving away from a database replication that is not very
reliable for us.


On Tue, Oct 14, 2014 at 4:43 PM, Scott Massari 
wrote:

> Also running ehcache with JSON service registry. 3 node cluster in both
> test and prod behind Cisco ACE load balancers.
>
>
> --
> Date: Mon, 13 Oct 2014 16:17:28 -0700
> Subject: Re: [cas-user] HA architectures for CAS
> From: cfesk...@willamette.edu
> To: cas-user@lists.jasig.org
>
>
> We switched from memcache-repcache for tickets and /MySQL for service
> registry to using replicated ehcache for the ticket registry and JSON
> service registry (We manage with puppet, but git/cron would work just as
> well.)  This sits behind an apache load balancer.  From a clustering
> standpoint it works great for us.
>
> On Mon, Oct 13, 2014 at 12:28 PM, Andrew Morgan  wrote:
>
> On Mon, 13 Oct 2014, Benito J. Gonzalez wrote:
>
>  Dear Community,
>
> We are looking to build a High Availability CAS solution for our campus
> rather quickly. We currently have two CAS app VMs sharing tickets with a
> single database as a single point of failure. We have F5 in front to
> load-balance traffic.
>
> What are some high level architectures for HA you have implemented?
>
>
> We have a 2-node CAS cluster behind a load balancer.  The ticket registry
> is stored in memcache+repcache.  CAS connects to memcache on the localhost
> and it is replicated to the other node.
>
> The service registry is stored in MySQL.  CAS continues to process
> authentications while MySQL is down (note: see issue CAS-1458), although
> you cannot make changes to services, of course.
>
> Andy
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> cfesk...@willamette.edu
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
>
>
> --
>
> -
> Casey Feskens 
> Associate Director of Systems Services
> Willamette Integrated Technology Services
> Willamette University, Salem, OR
> Phone:  (503) 370-6950
> -
>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> scott_3...@hotmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] HA architectures for CAS

[Adam Causey]

I should mention that my solution does not include replication for the
services registry, which is my next step.  So I will be interested in what
works for you.

On Wed, Oct 15, 2014 at 2:43 PM, Adam Causey  wrote:

> I am looking into the HazelcastRegistry.  It seems fine so far in a test
> environment, but I have not load tested it.  A few others indicated they
> are using it in a production environment.  It's very easy to setup.
>
>
> https://github.com/Unicon/cas-addons/wiki/Configuring-HazelcastTicketRegistry
>
> We are also moving away from a database replication that is not very
> reliable for us.
>
>
> On Tue, Oct 14, 2014 at 4:43 PM, Scott Massari 
> wrote:
>
>> Also running ehcache with JSON service registry. 3 node cluster in both
>> test and prod behind Cisco ACE load balancers.
>>
>>
>> --
>> Date: Mon, 13 Oct 2014 16:17:28 -0700
>> Subject: Re: [cas-user] HA architectures for CAS
>> From: cfesk...@willamette.edu
>> To: cas-user@lists.jasig.org
>>
>>
>> We switched from memcache-repcache for tickets and /MySQL for service
>> registry to using replicated ehcache for the ticket registry and JSON
>> service registry (We manage with puppet, but git/cron would work just as
>> well.)  This sits behind an apache load balancer.  From a clustering
>> standpoint it works great for us.
>>
>> On Mon, Oct 13, 2014 at 12:28 PM, Andrew Morgan  wrote:
>>
>> On Mon, 13 Oct 2014, Benito J. Gonzalez wrote:
>>
>>  Dear Community,
>>
>> We are looking to build a High Availability CAS solution for our campus
>> rather quickly. We currently have two CAS app VMs sharing tickets with a
>> single database as a single point of failure. We have F5 in front to
>> load-balance traffic.
>>
>> What are some high level architectures for HA you have implemented?
>>
>>
>> We have a 2-node CAS cluster behind a load balancer.  The ticket registry
>> is stored in memcache+repcache.  CAS connects to memcache on the localhost
>> and it is replicated to the other node.
>>
>> The service registry is stored in MySQL.  CAS continues to process
>> authentications while MySQL is down (note: see issue CAS-1458), although
>> you cannot make changes to services, of course.
>>
>> Andy
>>
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as:
>> cfesk...@willamette.edu
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>>
>>
>> --
>>
>> -
>> Casey Feskens 
>> Associate Director of Systems Services
>> Willamette Integrated Technology Services
>> Willamette University, Salem, OR
>> Phone:  (503) 370-6950
>> -
>>
>>  --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> scott_3...@hotmail.com
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] HA architectures for CAS

[Paul B. Henson]

> From: Adam Causey
> Sent: Wednesday, October 15, 2014 11:43 AM
>
> I am looking into the HazelcastRegistry.  It seems fine so far in a test
> environment, but I have not load tested it.  A few others indicated they are
> using it in a production environment.  It's very easy to setup.

I've been running a three node Hazelcast CAS cluster for about a year or so, 
it's been great (thanks unicon!). Performs well, and I've had no problems with 
it. The only caveat was that I was unable to get the bundled Hazelcast 
encryption working. I ended up using IPsec tunnels to route the cluster traffic 
to be secure on the wire, that worked out great, even better than the bundled 
Hazelcast encryption. If you don't care about the cluster traffic being secure 
on the wire it won't be an issue for you…

--
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768



-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] HA architectures for CAS

[Paul B. Henson]

> From: Adam Causey
> Sent: Wednesday, October 15, 2014 11:46 AM
>
> I should mention that my solution does not include replication for the
> services registry, which is my next step.  So I will be interested in what 
> works
> for you.

We use the unicon json services registry. The file is stored in our distributed 
configuration management system and automatically pushed out to all the boxes 
when it changes. The boxes are configured to reload it within 10 minutes or so 
I think. Trying to have some kind of clustered/replicated database backend for 
that seems a bit overkill.

--
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768



-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user