Segmentation fault with LDAP authentication and rate control?
Alan DeKok
aland at deployingradius.com
Tue Oct 29 14:57:33 CET 2013
ST Wong (ITSC) wrote:
> We’re using 2.2.0 on RHEL 6.2 using LDAPS as authentication backend.
> The servers are running well over 2 years until recently. The server
> fails with SIGSEGV or SIGABRT whenever there is ‘burst’ of
> authentication requests, say over 100 requests in the same second. In
> the SIGSEGV case, coredump shows:
...
> 2410 if (strcmp(TLS_DEFAULT_VERIFY, inst->tls_require_cert )
> != 0 ) {
TLS_DEFAULT_VERIFY is a static string. int->tls_require_cert is
initialized when the module loads, and s never changed.
The issue is some kind of memory corruption. i.e. it's not this line,
it's elsewhere.
> Besides, as we must use LDAP for authentication backend which maybe a
> bottleneck, is it feasible to have kind of QoS/rate control for incoming
> authentication requests, and/or some LDAP authentication result
> caching? Sorry for the naïve questions. Thanks again.
You can't do LDAP result caching, sorry. There's also no ability to
do rate control on incoming authentication.
You may try the v2.x.x branch from git. It may have fixes which solve
this issue.
Alan DeKok.
More information about the Freeradius-Users
mailing list