The fileserver has an argument that allows this to be set to a number of hours. The default is 2 (or at least was.)
The argument is: [-hr <number of hours between refreshing the host cps>] -bash-4.1$ strings /usr/afs/bin/fileserver | grep built @(#) OpenAFS 1.6.5 built 2013-08-22 -bash-4.1$ /usr/afs/bin/fileserver -h Usage: fileserver [-auditlog <log path>] [-audit-interface <file|sysvmq> (default is file)] [-d <debug level>] [-p <number of processes>] [-spare <number of spare blocks>] [-pctspare <percentage spare>] [-b <buffers>] [-l <large vnodes>] [-s <small vnodes>] [-vc <volume cachesize>] [-w <call back wait interval>] [-cb <number of call backs>] [-banner (print banner every 10 minutes)] [-novbc (whole volume cbs disabled)] [-implicit <admin mode bits: rlidwka>] [-readonly (read-only file server)] [-hr <number of hours between refreshing the host cps>] [-busyat <redirect clients when queue > n>] [-nobusy <no VBUSY before a volume is attached>] [-rxpck <number of rx extra packets>] [-rxdbg (enable rx debugging)] [-rxdbge (enable rxevent debugging)] [-rxmaxmtu <bytes>] [-rxbind (bind the Rx socket to one address)] [-allow-dotted-principals (disable the rxkad principal name dot check)] [-vhandle-setaside (fds reserved for non-cache io [default 128])] [-vhandle-max-cachesize (max open files [default 128])] [-vhandle-initial-cachesize (fds reserved for cache io [default 128])] [-vattachpar <number of volume attach threads> (default is 1)] [-L (large server conf)] [-S (small server conf)] [-k <stack size>] [-realm <Kerberos realm name>] [-udpsize <size of socket buffer in bytes>] [-sendsize <size of send buffer in bytes>] [-abortthreshold <abort threshold>] [-nojumbo (disable jumbogram network packets - deprecated)] [-jumbo (enable jumbogram network packets)] [-sync <always | delayed | onclose | never>][-help] On Fri Aug 30 09:39:45 CDT 2013, Andrew Deason <[email protected]> wrote: > On Fri, 30 Aug 2013 09:16:02 -0400 (EDT) > [email protected] wrote: > >> I don't see an obvious positive answer to this, but is there any >> way >> to change the duration of the fileserver's CPS for users? > > No. There is no frequency/duration to change, since we do not > touch the > client CPS after the connection has been established. > > For anyone reading that doesn't know what "CPS" means, look up > "Current > Protection Subdomain". It's basically the list of group ids a > user is > in, so you need to recalculate CPS to reflect a change in group > membership. > >> It seems that the ability to shorten this from the token >> lifetime to a >> shorter, but still reasonable value -- a few hours -- would be a >> good >> idea, at least for fileservers and ptservers that aren't >> overloaded. > > I'm not sure why you want to do this. I believe the design behind > this > was to emulate standard unix group calculation; your groups are > assigned > when you login, and if you want group changes to take effect, you > logout > and login again. (or with AFS, you can just re-aklog) > > You can, of course, just lower the maximum token lifetime. Or, > you can > trigger it manually. You should be able to manually recalculate > CPS in > 1.6.6 by running a command, if you want to trigger it based on an > event > (e.g. revoking someone's rights). > > -- Andrew Deason > [email protected] > > _______________________________________________ > OpenAFS-info mailing list > [email protected] > https://lists.openafs.org/mailman/listinfo/openafs-info >
