ST Wong (ITSC) wrote:
We’re using 2.2.0 on RHEL 6.2 using LDAPS as authentication backend. The servers are running well over 2 years until recently. The server fails with SIGSEGV or SIGABRT whenever there is ‘burst’ of authentication requests, say over 100 requests in the same second. In the SIGSEGV case, coredump shows: ... 2410 if (strcmp(TLS_DEFAULT_VERIFY, inst->tls_require_cert ) != 0 ) {
TLS_DEFAULT_VERIFY is a static string. int->tls_require_cert is initialized when the module loads, and s never changed. The issue is some kind of memory corruption. i.e. it's not this line, it's elsewhere.
Besides, as we must use LDAP for authentication backend which maybe a bottleneck, is it feasible to have kind of QoS/rate control for incoming authentication requests, and/or some LDAP authentication result caching? Sorry for the naïve questions. Thanks again.
You can't do LDAP result caching, sorry. There's also no ability to do rate control on incoming authentication. You may try the v2.x.x branch from git. It may have fixes which solve this issue. Alan DeKok.