Ticket #330 (closed defect: worksforme)
[s] we may need a bit of latitude on starting time for access certificates
| Reported by: | lawrence | Owned by: | pjkersha |
|---|---|---|---|
| Priority: | desirable | Milestone: | PreAlpha |
| Component: | security | Version: | |
| Keywords: | Cc: |
Description
AccessError?: Adding Credential: Current time 07/06/2006 17:58:53 is before Attribute Certificate's not before time of 07/06/2006 18:01:50
Clock slippage may cause trouble ...
Attachments
-
forPhil2.jpg
(71.0 KB) -
added by lawrence 14 years ago.
- Screenshot of the error message
Change History
Changed 14 years ago by lawrence
-
attachment
forPhil2.jpg
added
comment:1 Changed 14 years ago by lawrence
- Milestone changed from PreBeta to PreAlpha
Damn, I thought this was only a problem on my laptop, but it appears to be a problem on glue too ... can we set a 10 minute earlier than real time as a temporary not before time (we might need all ndg sites to use ntp in the longer term).
comment:2 Changed 14 years ago by pjkersha
- Status changed from new to closed
- Resolution set to fixed
Already come across this one :) You can make a 'window' to allow for clock slew by modifying the parameter
attCertNotBeforeOff
in the AA's configuration file /usr/local/NDG/conf/attAuthorityProperties.xml
Give a negative slew in seconds as required. It's currently set to -600 giving you a possible 10 minutes slew.
There's a note about using NTP in:
This is the best long term solution. I will also explicitly raise it as a ticket.
Screenshot of the error message