16 Oct
2013
16 Oct
'13
5 a.m.
Hi,
I've just sent a pull request that adds an option 'timeout' to rlm_exec and 'ntlm_auth_timeout' to rlm_mschap. Defaults are both 10s (the current setting). The ntlm_auth timeout can only be reduced... I can't imagine a correctly functioning AD domain where a successful auth takes >10s.
how does this sort of thing interplay with those people who are using the MSCHAP password retry feature - which would, I believe, cause the module itself not to return until the user has finally put in a succesful password - which might be longer than eg 30s alan