delayed Access Reject response
Florin Andrei
florin at andrei.myip.org
Tue Oct 30 20:48:16 CET 2007
manIP wrote:
> On 10/30/07, *Florin Andrei* <florin at andrei.myip.org
> <mailto:florin at andrei.myip.org>> wrote:
>
> If the password is incorrect, the Access Reject reply is delayed until
> the user enters the password the second time. It's like the server waits
> for the next auth attempt to send back the Reject.
>
> Look at "reject_delay" in radiusd.conf. May be that will answer your
> question.
It was set to 1, but the actual delay is clearly bigger than that. In
fact, it doesn't seem to be constant, it seems to wait until a new
request was sent, and then it unleashes the reject.
I set reject_delay to 0 and now there's no delay, but I'm not sure I
like it that way, due to possible brute-force attacks.
--
Florin Andrei
http://florin.myip.org/
More information about the Freeradius-Users
mailing list