PAM Module Patch and Feature
David Mitchell
mitchell at ucar.edu
Fri Mar 23 23:37:42 CET 2007
Frank Cusack wrote:
> On March 22, 2007 4:27:44 PM -0600 David Mitchell <mitchell at ucar.edu> wrote:
>> I think I figured out the source for the 'odd' behavior I was seeing. In
>> a nutshell, my timeout on the PAM module side was shorter than the delay
>> imposed by the freeradius server for bad passwords. I need to play
>> around more and find out what a 'safe' value is. Do you happen to know
>> where in the freeradius/otpd/lsmd chain the bad password delay is being
>> imposed? I can probably find it, but I'm guessing that you know.
>
> The radiusd.conf 'reject_delay' option. I always set this to 0.
Here's the really weird part. If I set reject_delay to 0, it works just
like I expect. But if I set it to some value like 1, which is the
default, it delays for about 30 seconds. Unless I run radiusd with -X to
see what's going on in which case it works as expected with a one second
delay. I'll keep digging into the cause to see if it's something in my
build or what.
It seems like if this was a common bug it would be reported by now, but
I did a quick search for reject_delay in the bug database and didn't
find anything. I'll see if I can figure it out.
-David
>
> -frank
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
--
-----------------------------------------------------------------
| David Mitchell (mitchell at ucar.edu) Network Engineer IV |
| Tel: (303) 497-1845 National Center for |
| FAX: (303) 497-1818 Atmospheric Research |
-----------------------------------------------------------------
More information about the Freeradius-Devel
mailing list