On 02/01/2012 03:42 PM, Alexander Hartmaier wrote:

Hello Alexander,

> I've encountered another problem.
> I've written a bash script that downloads the crl once a day at one
> o'clock in the morning local time and restarts radiator afterwards
> because of the openssl crl caching.
> The CRL lifetime ends about 30 minutes later and radiator rejects all
> auths after that time because the crl isn't up2date any more.
> Do you have a solution for downloading the crl in sync with its lifetime?

There's nothing in goodies for this. If required, I would probably do
this by checking the output from the openssl crl -nextupdate command and
then scheduling the update based on that.

A quick search for possible scripts found this candidate. Maybe it might
be useful for ideas of how to do this?

http://www.id.ee/11051

See 'Sample script for automatic renewal ...'.

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
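
The approach suggested in the reply (read the CRL's nextUpdate and schedule the download from it), as an added example that is not part of the original message or of Radiator's goodies. The function names and the `CRL_FILE` and `MARGIN` environment variables are hypothetical; it assumes a PEM-encoded CRL and the usual `nextUpdate=Mon DD HH:MM:SS YYYY GMT` output line.

```shell
#!/bin/sh
# Added example: derive the CRL refresh time from its nextUpdate field.
# Assumptions: PEM CRL (add "-inform DER" for DER); MARGIN is a local choice.

# "nextUpdate=Feb  2 01:30:00 2012 GMT" -> Unix epoch seconds (plain sh arithmetic).
next_update_epoch() {
    read -r mon day hms year tz <<EOF
${1#nextUpdate=}
EOF
    [ "$tz" = "GMT" ] || return 1      # also rejects "nextUpdate=NONE"
    case $mon in
        Jan) m=1;; Feb) m=2;; Mar) m=3;; Apr) m=4;; May) m=5;; Jun) m=6;;
        Jul) m=7;; Aug) m=8;; Sep) m=9;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
        *) return 1;;
    esac
    rest=${hms#*:}
    hh=${hms%%:*}; mi=${rest%%:*}; ss=${rest#*:}
    # Strip one leading zero so "08" is not parsed as invalid octal.
    hh=${hh#0}; mi=${mi#0}; ss=${ss#0}; dd=${day#0}
    # Days since 1970-01-01, counting the year from March (Gregorian calendar).
    y=$(( year - (m <= 2) ))
    era=$(( y / 400 )); yoe=$(( y - era * 400 ))
    doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + dd - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + hh * 3600 + mi * 60 + ss ))
}

# Seconds to wait before refreshing: nextUpdate minus margin minus now, floor 0.
refresh_delay() {   # args: next_epoch now_epoch margin_seconds
    wait_s=$(( $1 - $3 - $2 ))
    [ "$wait_s" -gt 0 ] || wait_s=0
    echo "$wait_s"
}

# Runs only when CRL_FILE is set, e.g. CRL_FILE=/path/to/crl.pem sh thisfile
if [ -n "${CRL_FILE:-}" ]; then
    line=$(openssl crl -in "$CRL_FILE" -noout -nextupdate) || exit 1
    next=$(next_update_epoch "$line") || { echo "cannot parse: $line" >&2; exit 1; }
    delay=$(refresh_delay "$next" "$(date +%s)" "${MARGIN:-3600}")
    echo "$line; refresh due in ${delay}s"
fi
```

The printed delay can drive `sleep` or an `at` job that runs the existing download-and-restart script, so the refresh follows the CRL's own lifetime instead of a fixed clock time.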