A.L.M.Buxey@lboro.ac.uk wrote:
however, when running freeradius is debug mode, with -X, the Rejectreply message is pretty fast...though still a lot slower than an Access-Accept message for a valid user - even though the valid useris in a database or a kerberos check. I assumed that a Auth-Type := Reject was an instant hit, with no further procedures... why then, when run
security {
# delayed_reject: When sending an Access-Reject, it can be
# delayed for a few seconds. This may help slow down a DoS
# attack. It also helps to slow down people trying to brute-force
# crack a users password.
#
# Setting this number to 0 means "send rejects immediately"
reject_delay = 1
}
in debug mode, does FreeRADIUS happily reject the client request but when run as a normal process, it throws the request towards other Auth mechanisms?
I'm not sure about *that* aspect of it. I've never seen it. But rejects are delayed in the default config.