[ I'm reposting this because Jeff's mail is still getting marked ] [ as spam by the Gna! mail server. -Chris ]
Date: Wed, 20 Dec 2006 07:55:42 -0500 From: Jeff Squyres <[EMAIL PROTECTED]> To: Chris Dunlap <[EMAIL PROTECTED]> cc: [email protected] Subject: Re: [munge-users] munged running at 100% Chris -- This worked perfectly, thanks! I added OPTIONS="-f --group-update-time=-1" to my sysconfig/munge file, and it works like a champ. Will you do a 0.5.7 release with this new stuff? I'm perfectly happy to continue using a snapshot; whatever is easiest for you. I also did a little more poking around w.r.t. NIS (I am a NIS newbie -- forgive me; there's probably some fairly obvious controls for this stuff somewhere that I'm unaware of). I found that my /etc/group file *is* changing, so munge was doing exactly the Right Thing in re- creating the hash map. Specifically, NIS seems to be updating my / etc/group file to be the NIS group file every so often. I don't know where/when this is happening yet, but I'll be tracking it down. Again, I want to stress that I think the majority of these issues are problems with my local setup (the fact that I'm an NIS newbie is probably contributing to the problems...), but I deeply appreciate the workarounds that I now have in munge. Thanks! If there's any further testing that you'd like in an NIS environment, feel free to ask. On Dec 20, 2006, at 1:15 AM, Chris Dunlap wrote: > I've uploaded another snapshot to <http://dl.gna.org/munge/alpha/>. > > I've added the following cmdline opts to munged. This makes it easier > than having to twiddle munge_defs.h and recompile, etc. > > --check-group-mtime=<boolean> > Specify whether the modification time of "/etc/group" > should be checked before updating the supplementary group > membership mapping. If this value is non-zero, the check > will be enabled and the mapping will not be updated unless > the file has been modified since the last update. > > --group-update-time=<integer> > Specify the number of seconds between updates to the > supplementary group membership mapping; this mapping is > used when restricting credentials by GID. A value of > 0 causes it to be computed initially but never updated > (unless triggered by a SIGHUP). A value of -1 causes it > to be disabled. > > One of these days, I'll get around to adding a config file. > Until then, you can add the options to /etc/{default,sysconfig}/munge. > > I still need to look into why the gids mapping update ran repeatedly > under NIS (presuming the /etc/group mtime didn't change). And I'll > do some more testing on all of this tomorrow. > > -Chris -- Jeff Squyres Server Virtualization Business Unit Cisco Systems _______________________________________________ munge-users mailing list [email protected] https://mail.gna.org/listinfo/munge-users
