Description
Hi,
I'm using iRODS version 4.3.1 with metalnx latest (should be 2.6.1), both pretty new installed. I authenticate my users via PAM and LDAP.
After two minutes of being logged in, my regular users get the error "An unexpected error has happened. Please, contact your system administrator." when accessing Collections, Public or Trash. They were still logged into Metalnx but were locked out of iRODS. It doesn't happen with my admin account.
I've got this in the iRODS-log:
{"log_category":"api","log_level":"info","log_message":"rsAuthCheck: chlCheckAuth status = -827000","request_api_name":"AUTH_RESPONSE_AN","request_api_number":704,"request_api_version":"d","request_client_user":"$USERNAME","request_host":"$SOME_IP","request_proxy_user":"$USERNAME","request_release_version":"rods3.2","server_host":"$PROVIDER","server_pid":2170453,"server_timestamp":"2024-04-23T09:10:33.331Z","server_type":"agent","server_zone":"$ZONE"}
The first thing that I thought of that could match with the two minute time range was password_min_time (https://docs.irods.org/4.3.1/system_overview/configuration/#configuring-authentication-in-r_grid_configuration), and I think there was some tweaking with that in 4.3, so I gave it a shot:
iadmin set_grid_configuration authentication password_min_time 60
And now it happens every minute. So this setting seems to be the issue.
I've set it to an hour, which should be reasonably long enough for my users, but it feels unelegant. Is there a Metalnx setting I should use instead?
Kind regards
Kaly