A.L.M.Buxey@lboro.ac.uk wrote:
however, when running freeradius is debug mode, with -X, the Reject reply message is pretty fast...though still a lot slower than an Access-Accept message for a valid user - even though the valid user is in a database or a kerberos check. I assumed that a Auth-Type := Reject was an instant hit, with no further procedures... why then, when run
security { # delayed_reject: When sending an Access-Reject, it can be # delayed for a few seconds. This may help slow down a DoS # attack. It also helps to slow down people trying to brute-force # crack a users password. # # Setting this number to 0 means "send rejects immediately" reject_delay = 1 }
in debug mode, does FreeRADIUS happily reject the client request but when run as a normal process, it throws the request towards other Auth mechanisms?
I'm not sure about *that* aspect of it. I've never seen it. But rejects are delayed in the default config.