Reject delay fractional value
Aleš Rygl
ales at rygl.net
Thu Oct 30 15:57:18 CET 2014
On Wed, 29 Oct 2014 10:15:19 -0400, Alan DeKok wrote:
> Which you
don't explain here. Nice.
>
> "I can think of reasons why we can do X.
But... I won't tell you"
>
> Alan DeKok.
> -
Hello Alan.
Maybe I can
provide another use case when a lower minimum reject delay than 1s could
help. If you have a large setup with more that two or three Radius
servers chained you have to hunt every millisecond when tuning timeouts.
There may be backup servers and backup back-end LDAP/Database servers
with their timeouts, etc. It is not unusual to have such setup among
Telco operators. Access reject in such environment does not necessarily
mean a password guessing.
It might be even impossible to setup timeouts
correctly when the you insert a fixed reject delay of 1s in a chain
where you count tens of msec in order to fit into max overall request
time. Responses after 1s can be considered late.
Regards
Ales
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20141030/09ca7b01/attachment-0001.html>
More information about the Freeradius-Users
mailing list