
shibboleth-dev - MySQL Credential Cache

Subject: Shibboleth Developers

  • From: Derek Atkins <>
  • To:
  • Subject: MySQL Credential Cache
  • Date: 16 Apr 2003 18:51:59 -0400

I just checked in two sets of code. First I committed changes to Shib
to allow a plug-in to register a Credential Cache. Second, I
committed my MySQL Credential Cache, which was working for me on my
Linux system, using my rebuilt MySQL package.

The mysql ccache lives in its own CVS hierarchy... It's called
"sipb-mysql-ccache" and you can check it out in the same way you'd
check out the shib or saml code.

I still have to write documentation on how to use/configure the
plugin, but here is the short of it.

Enjoy!

-derek

1) load the module by adding it to the [extensions:saml] section in
the ini file:

mysql = /opt/shibboleth/lib/libshib-mysql-ccache.so

2) You can use the new cache by setting the cacheType to "mysql", like:

cacheType = mysql

3) You can configure two timeout periods; the cacheTimeout configures
how long a session is cached in RAM, and there is a new
"mysql-cache-timeout" that defines how long a session is cached in
the database. This allows you to set something like:

cacheTimeout = 60
mysql-cache-timeout = 240

This means that sessions remain in the database for 8 hours, but
they will be removed from RAM cache after one hour. This lets you
tune your memory usage by flushing your sessions from the database
and from RAM over different periods of time.

If you choose not to set the mysql-cache-timeout, it will use the
cacheTimeout value. The default timeout is 8 hours. The recheck
time is shared with the memory cache, and is still set using the
cacheClean option. The default recheck period is 5 minutes.

4) You can add additional MySQL configuration options by putting them
into the [mysql] section of the ini file. For example, if you want
to set the location where mysql will store the shar datafiles, you
can set a value like:

arg0 = --datadir=/home/shibboleth/data

The 'arg0' part is ignored (but each one must be unique); the rest
of the line is supplied to MySQL. Other potential arguments are
available; see the MySQL documentation for more information.

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH


PGP key available
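
The configuration rules in the message above, as an added Python example that is not part of the original post or of the plugin's code: it parses an ini file, resolves the database timeout with the fallback to cacheTimeout, collects the [mysql] values that would be handed to MySQL, and rejects a repeated argN key. The section name "[example-cache]" and the function names are assumptions, since the message does not say which section holds cacheType and the timeouts; timeout values are returned as written, with no unit conversion.

```python
import configparser

# Constructed sample built from the settings quoted in the message.
# ASSUMPTION: "[example-cache]" is a placeholder; the message does not say
# which section holds cacheType and the timeout options.
SAMPLE_INI = """\
[extensions:saml]
mysql = /opt/shibboleth/lib/libshib-mysql-ccache.so

[example-cache]
cacheType = mysql
cacheTimeout = 60

[mysql]
arg0 = --datadir=/home/shibboleth/data
"""

def load(text):
    # strict=True rejects a repeated key within one section, which is how a
    # duplicate argN name in [mysql] is caught (DuplicateOptionError).
    cp = configparser.ConfigParser(strict=True, interpolation=None)
    cp.optionxform = str  # keep key case, e.g. cacheTimeout
    cp.read_string(text)
    return cp

def find(cp, key):
    """Return the first value of `key` found in any section, or None."""
    for section in cp.sections():
        if cp.has_option(section, key):
            return cp.get(section, key)
    return None

def effective_settings(text):
    cp = load(text)
    ram = find(cp, "cacheTimeout")
    db = find(cp, "mysql-cache-timeout")
    args = [v for _, v in cp.items("mysql")] if cp.has_section("mysql") else []
    return {
        "module_loaded": cp.has_option("extensions:saml", "mysql"),
        "cache_type": find(cp, "cacheType"),
        # None means the option is unset and the built-in default applies.
        "ram_timeout": ram,
        # Falls back to cacheTimeout when mysql-cache-timeout is absent.
        "db_timeout": db if db is not None else ram,
        # Key names are dropped; only the values are passed to MySQL.
        "mysql_args": args,
    }

if __name__ == "__main__":
    print(effective_settings(SAMPLE_INI))
```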
