[Handle-info] Admin groups, HS_VLIST and the handle admin tool: caching issues?
While doing some testing, I ran into some odd behavior: I found I still had permission to modify a handle and its values in the handle admin tool even after the handle for the admin group to which I belonged was deleted.
Here are the steps to duplicate the behavior. I changed my test naming authority to 9999 below to protect the innocent.
1. Start handle admin tool, authenticate as 0.NA/9999 admin.
2. Create a new handle for authentication:
   9999/ScottAuth
      100: HS_ADMIN 0.NA/9999:300
      300: HS_PUBKEY Public key for Scott
3. Create a new group authorization handle:
   9999/AdminGroup
      100: HS_ADMIN 0.NA/9999:300
      200: HS_VLIST 9999/ScottAuth:300
4. Create a test handle, with permissions to modify given to AdminGroup:
   9999/TestHandle
      100: HS_ADMIN 0.NA/9999:300
      101: HS_ADMIN 9999/AdminGroup:200 (ttl: 86400)
      500: URL http://www.nytimes.com/ (ttl: 86400)
5. Exit the handle tool, start it up again, authenticate with 9999/ScottAuth, and modify the URL value for 9999/TestHandle.
Up to this point, everything works as expected. You can modify the handle, once you're authenticated.
6. Exit the admin tool, start it up again, authenticate as 0.NA/9999, and delete the handle 9999/AdminGroup.
7. Query the handle 9999/AdminGroup, checking "Authoritative". As expected, I get a "HANDLE NOT FOUND" error.
8. Exit the handle tool, start it up again, authenticate with 9999/ScottAuth, and modify the URL value for 9999/TestHandle.
Even though the 9999/AdminGroup handle no longer exists, its values are cached, and you can modify the handle. Is this correct behavior?
To refresh permissions for 9999/TestHandle, I tried setting the TTL value to 0 on both the 500:URL and 101:HS_ADMIN handle values with no luck: I was still able to modify the handle, even after closing the handle admin tool, restarting it, and reauthenticating. I also tried to refresh permissions by querying the 9999/TestHandle with the "Authoritative" box checked in the handle admin tool, with no luck: I was still able to modify the handle. Finally, the only way I could remove my authorization was by deleting the 101:HS_ADMIN value from 9999/TestHandle.
It seems like HS_VLIST authorization information is getting cached somewhere and not refreshed. Can others reproduce this problem, if it is indeed a problem? Am I missing something?
TIA,
-- Scott
--
Scott Prater
Library, Instructional, and Research Applications (LIRA)
Division of Information Technology (DoIT)
University of Wisconsin - Madison
prater@wisc.edu
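
Added example, not part of the original message and not Handle System code: a toy Python model of the HS_ADMIN -> HS_VLIST chain from steps 2-8, showing how a group lookup cache that is never invalidated would produce the reported behavior, next to an authorizer that re-resolves the group on every check and treats a missing group handle as "no members". The Authorizer class, its cache, and the simplified value layout are assumptions made for illustration; the message only suspects caching, it does not confirm it.

```python
# Toy model of HS_ADMIN -> HS_VLIST authorization; constructed data, not Handle System code.

def build_store():
    """Handles from the steps above: handle -> {index: (type, data)}."""
    admin = ("HS_ADMIN", "0.NA/9999:300")
    return {
        "9999/ScottAuth": {100: admin, 300: ("HS_PUBKEY", "<public key>")},
        "9999/AdminGroup": {100: admin, 200: ("HS_VLIST", ["9999/ScottAuth:300"])},
        "9999/TestHandle": {100: admin,
                            101: ("HS_ADMIN", "9999/AdminGroup:200"),
                            500: ("URL", "http://www.nytimes.com/")},
    }


class Authorizer:
    """Hypothetical long-lived authorizer; cache_groups=True never expires entries."""

    def __init__(self, store, cache_groups):
        self.store = store
        self.cache_groups = cache_groups
        self._vlist_cache = {}

    def _group_members(self, ref):
        if self.cache_groups and ref in self._vlist_cache:
            return self._vlist_cache[ref]          # stale after a delete
        handle, _, index = ref.rpartition(":")
        value = self.store.get(handle, {}).get(int(index))
        # A missing handle or a non-HS_VLIST value grants nothing (fail closed).
        members = set(value[1]) if value and value[0] == "HS_VLIST" else set()
        if self.cache_groups:
            self._vlist_cache[ref] = members
        return members

    def can_modify(self, identity, handle):
        for vtype, data in self.store.get(handle, {}).values():
            if vtype == "HS_ADMIN" and (
                    data == identity or identity in self._group_members(data)):
                return True
        return False


def scenario(cache_groups):
    """Return (allowed before group delete, allowed after group delete)."""
    store = build_store()
    authz = Authorizer(store, cache_groups)
    before = authz.can_modify("9999/ScottAuth:300", "9999/TestHandle")   # step 5
    del store["9999/AdminGroup"]                                         # step 6
    after = authz.can_modify("9999/ScottAuth:300", "9999/TestHandle")    # step 8
    return before, after
```

scenario(True) reproduces the report (access survives the group deletion); scenario(False) denies the step 8 modification once 9999/AdminGroup is gone.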