pam_radius_auth: simultaneous requests for improved failover behaviour

Stefan Winter stefan.winter at restena.lu
Mon Apr 28 13:20:27 CEST 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

|> I know that this is kindof hacky. It introduces double load on the
|> backend servers. It does appear to solve our problem though. :-)
|
| Why not configure your radius servers in a fail-over setup or add a load
| balancer that can took dead servers out of roulation?

Well, we *do* have two servers in a failover config. The problem is the
stateless nature of PAM: it gets called anew whenever a user
authenticates. If the first server is down, it will still ask the dead
server on the next login attempt because it forgets about the server
state. I.e. it will ALWAYS time out on the first - there is no "taking
out of rotation".
To my best knowledge there is no way for PAM modules to maintain state
between calls.

Greetings,

Stefan Winter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFIFbL7+jm90f8eFWYRAgnpAJsE05lbGe4FqKR/1CqVysmpCX3p3QCfXZYA
Kkv62FiiVYwsEmllSyhx3vI=
=pf41
-----END PGP SIGNATURE-----



More information about the Freeradius-Devel mailing list