On Sun, Jul 22, 2012 at 6:10 AM, Ronen Itkin <[email protected]> wrote:
> Hi all,
>
> I have noticed that there are several places to tune different timeout
> parameters.
> I am using mod_cas_auth as a Cas client and there are two configurable
> directives (/etc/apache2/httpd.conf):
>
> *Directive*: CASTimeout
> *Default*: 7200 (2 hours)
> *Description*: This is the hard limit, in seconds, for a mod_auth_cas
> session (whether it is idle or not). When a session has reached this
> age and a new request is made, the user is redirected to the
> CASLoginURL to obtain a new service ticket. When this new ticket is
> validated, they will be assigned a new mod_auth_cas session.
>
> *Directive*: CASIdleTimeout
> *Default*: 3600 (1 hour)
> *Description*: This is a limit, in seconds, of how long a mod_auth_cas
> session can be idle. When a request comes in, if it has been inactive
> for CASIdleTimeout seconds, the user is redirected to the CASLoginURL
> to obtain a new service ticket
>
> I can also configure timeout parameters on Cas itself, in the
> 'ticketExpirationPolicies.xml'.
> I guess that the xml option is wider and I can configure more sets of
> timeout parameters.
>
> But regarding those two I can configure on /etc/apache2/httpd.conf, are
> there similar configurations on 'ticketExpirationPolicies.xml'?
> Which one is being enforced?

Both are enforced, and kick in under different circumstances.

> Basically I want to set Idle connection timeout to 4 hours (have it
> redirected to logout screen afterwards) and *not to have a hard limit
> timeout at all,*
> what is the most suitable way of doing it?

You'd want to set the idle timeout to 4 hours, and the hard timeout to some egregiously large value. There probably is some realistic upper bound where you want people to re-authenticate (even if it's something like 5 days to account for a work week).

> Is there a way to set CASTimeout to "never" (setting it to '-1' or '0'
> does not seem to work).

An "infinite" hard timeout is not supported.

> Thanks!!
>
> --
> *Ronen Itkin*
> Taykey | www.taykey.com
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
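
A small model of how the two limits quoted above interact, using the values suggested in the reply (4-hour idle limit, 5-day hard limit). This is an added example, not mod_auth_cas code and not something posted in the thread; the `replay` function, the `>=` boundary comparison and the sample request times are assumptions built from the directive descriptions.

```python
"""Model of the two mod_auth_cas session limits described in the thread (added example)."""

HOUR = 3600
CAS_IDLE_TIMEOUT = 4 * HOUR        # 14400 s: the 4-hour idle limit asked for
CAS_TIMEOUT = 5 * 24 * HOUR        # 432000 s: "something like 5 days" hard limit


def replay(request_times, idle_timeout=CAS_IDLE_TIMEOUT, hard_timeout=CAS_TIMEOUT):
    """Return (time, outcome) per request; outcome is 'ok', 'idle' or 'hard'.

    request_times: ascending request timestamps in seconds. The first
    request creates the session. 'idle' and 'hard' mean the user is sent to
    CASLoginURL and, once the new ticket validates, gets a fresh session
    (assumed here to start at that same timestamp).
    """
    outcomes = []
    created = last_seen = None
    for t in request_times:
        if created is None:
            outcome = "ok"                     # first request: session created
            created = t
        elif t - created >= hard_timeout:      # age limit, idle or not
            outcome = "hard"
            created = t
        elif t - last_seen >= idle_timeout:    # inactivity limit
            outcome = "idle"
            created = t
        else:
            outcome = "ok"
        last_seen = t
        outcomes.append((t, outcome))
    return outcomes


# Constructed sample: a user clicking every 3 hours for 5 days, then a 5-hour gap.
busy = [h * HOUR for h in range(0, 121, 3)]
sample = busy + [busy[-1] + 5 * HOUR]

if __name__ == "__main__":
    for t, outcome in replay(sample):
        if outcome != "ok":
            print(f"t={t // HOUR:>4} h  redirect to CASLoginURL ({outcome} timeout)")
```

The continuously active user is still sent back to CAS once the session reaches the hard limit, which is why the hard timeout has to be raised along with the idle timeout.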
