[OpenAFS] -hr option to fileserver, IP address-based ACL delay

Derrick Brashear shadow@gmail.com
Mon, 23 Aug 2010 13:14:10 -0400

On Mon, Aug 23, 2010 at 12:53 PM, Jeff Blaine <jblaine@kickflop.net> wrote:
> We'd like IP address-based ACLs to go live sooner than they do by
> default.
> =A0-hr <number of hours between refreshing the host cps>
> =A0Specifies how often the File Server refreshes its knowledge
> =A0of the machines that belong to protection groups (refreshes
> =A0the host CPSs for machines). The File Server must update
> =A0this information to enable users from machines recently
> =A0added to protection groups to access data for which those
> =A0machines now have the necessary ACL permissions.
> What's the default value?

2 hours

> Is there anything I need to know about setting this? =A0Obviously
> it's not something one wants to do frequently because its argument
> is in *hour* units. =A0Why not?

it hits the ptserver. so one lookup per client system IP from each
fileserver, every N hours.