Shorten security session duration for c-gahp


When a collector or schedd in a remote Condor pool restarts, the c-gahp's security session to those daemons will no longer work. The remote daemons will attempt to send a DC_INVALIDATE_KEY message to the c-gahp the first time it tries to use the now-invalid session. But this message will be blocked if the c-gahp's machine is behind a firewall that blocks most ports, as the c-gahp can't use the Condor shared_port. This results in the c-gahp repeatedly trying to use the invalid session until the session duration expires (default 1 day).

To minimize the effects of this problem, we should shorten the c-gahp default security session duration to something like 30 minutes. This still gives us some benefit from session reuse.


Todd L Miller
March 3, 2021, 10:30 PM

Code Review

Looks good to me.

Time remaining



Jaime Frey