next up previous
Next: Service Proxy Renew Cron Up: Service Proxy Configuration Previous: Manual Configuration

Service Proxy Renew Cron Installation (non-LCFG)

To renew the service proxy for Tomcat (since, by default, it has only a 24 hour lifetime). The script:

${EDG_LOCATION}/etc/cron/edg-java-security-container-proxy-renew-cron
should be run periodically to renew the service proxy. The suggested frequency is every 12 hours. The script requires access to the hostkey and therefore must be run as a root cron.

The cron job can be set manually using command

crontab -e

and the cron entry for crl update should for example look like:

53 0,12 * * * /opt/edg/etc/cron/edg-java-security-container-proxy-renew-cron

Note that the cron interval, proxy lifetime and SECURITY.PROXY.UPDATE.INTERVAL depend on eachother. In the defaul installation everything is OK, but if changing the defaults can bring problems. Obviously proxy lifetime has to be longer than the cron frequency to prevent the proxy from expiring before it gets updated. But, the SECURITY.PROXY.UPDATE.INTERVAL which defines how ofter the tomcat reloads the service proxy has to be less than (proxy lifetime)-(cron interval).



2004-05-05