Frank Cusack wrote:
On March 22, 2007 4:27:44 PM -0600 David Mitchell <mitchell@ucar.edu> wrote:
I think I figured out the source for the 'odd' behavior I was seeing. In a nutshell, my timeout on the PAM module side was shorter than the delay imposed by the freeradius server for bad passwords. I need to play around more and find out what a 'safe' value is. Do you happen to know where in the freeradius/otpd/lsmd chain the bad password delay is being imposed? I can probably find it, but I'm guessing that you know.
The radiusd.conf 'reject_delay' option. I always set this to 0.
Here's the really weird part. If I set reject_delay to 0, it works just like I expect. But if I set it to some value like 1, which is the default, it delays for about 30 seconds. Unless I run radiusd with -X to see what's going on in which case it works as expected with a one second delay. I'll keep digging into the cause to see if it's something in my build or what. It seems like if this was a common bug it would be reported by now, but I did a quick search for reject_delay in the bug database and didn't find anything. I'll see if I can figure it out. -David
-frank - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
-- ----------------------------------------------------------------- | David Mitchell (mitchell@ucar.edu) Network Engineer IV | | Tel: (303) 497-1845 National Center for | | FAX: (303) 497-1818 Atmospheric Research | -----------------------------------------------------------------