On Wed, 29 Oct 2014 10:15:19 -0400, Alan DeKok wrote:
Which you don't explain here. Nice. "I can think of reasons why we can do X. But... I won't tell you" Alan DeKok. -
Hello Alan.
Maybe I can provide another use case when a lower minimum reject delay than 1s could help. If you have a large setup with more that two or three Radius servers chained you have to hunt every millisecond when tuning timeouts. There may be backup servers and backup back-end LDAP/Database servers with their timeouts, etc. It is not unusual to have such setup among Telco operators. Access reject in such environment does not necessarily mean a password guessing.
It might be even impossible to setup timeouts correctly when the you insert a fixed reject delay of 1s in a chain where you count tens of msec in order to fit into max overall request time. Responses after 1s can be considered late.
Regards
Ales