Question about a configuration entry in the eap.conf file
Alan DeKok
aland at ox.org
Fri Mar 17 21:17:18 CET 2006
"Terry Zarelli" <terry.zarelli at gmail.com> wrote:
> A list is maintained to correlate EAP-Response
> packets with EAP-Request packets. After a
> configurable length of time, entries in the list
> expire, and are deleted.
>
> timer_expire =3D 60
An EAP conversation spans multiple RADIUS packets. So the server
has to keep track of state to ensure that it doesn't forget about
ongoing conversations.
> What will happen if I change the timer value?
If you set it too low, the server will forget about EAP
conversations in the middle of the conversation. If you set it too
high, then someone can attack the server by sending it many partial
EAP conversations, and making the server remember them all.
What would you change the value to, and why? If you're not sure
what the configuration entry means, why would you want to change it?
Alan DeKok.
More information about the Freeradius-Users
mailing list