Uploaded image for project: 'LCGDM Development'
  1. LCGDM Development
  2. LCGDM-2699

Check if we can/should turn off CRL validation on disk servers

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: DPM-HTTPD
    • Security Level: Public Data (This ticket is visible to anyone on the internet and will be indexed by search engines)
    • Labels:
      None

      Description

      Apache can be configured to authenticate in the absence of CRLs. For most operations (apart from delegation) these are checked on the head node in any case so could be avoided on the disk.

      The advantage would be that we can remove apache restarts which disrupt transfers on CentOS7.

      At the moment, disk servers are configured to expose the logical namespace, thus one can access the system bypassing the head node. This is a result of shipping a single example apache config file which is used for both head and disk, it's not necessary for the system.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              furano Fabrizio Furano
              Reporter:
              okeeble Oliver Keeble
              Component Watchers:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated: