[RADIATOR] Timeout setting for Authby GROUP ?

Hugh Irvine hugh at open.com.au
Sun Feb 21 21:47:46 CST 2010


Hello Markus -

We haven't been able to come up with a "good" way of doing this in the current version of Radiator.

The only thing I can think of is an AuthBy INTERNAL with an AuthHook that implements timeouts and calls the "real" AuthBy's.

However, not all of the existing AuthBy's will cooperate nicely with such a scheme.

The only other suggestion is to modify the AuthBy that you are already using so it does in fact implement a timeout.

regards

Hugh


On 21 Feb 2010, at 22:55, Markus Moeller wrote:

> Hi Hugh,
> 
>   I use Authby PAM with pam_krb5 to authenticate against AD.   There are cases where finding the servers is delayed (e.g. DNS problem or AD is unavailable).  As I have more than one AD domain I have to check each separately (usernames are guaranteed to be unique over the domains).
> 
> <AuthBy GROUP>
>        Identifier MyAuthentication
>        AuthByPolicy ContinueUntilAccept
>        AuthBy PAM_domain1
>        AuthBy PAM_domain2
>        AuthBy ...
> </AuthBy>
> 
> The overall time shouldn't be over 10 sec. So if the first domain has a problem all users have a problem. Unfortunately I cannot use a REALM to differentiate the user and use separate AuthBy groups.
> 
> I haven't tried AuthBy Krb5 yet, but I think PAM and Krb5 do not have a timeout option.
> 
> Regards
> Markus
> 
> ----- Original Message ----- From: "Hugh Irvine" <hugh at open.com.au>
> To: "Markus Moeller" <huaraz at moeller.plus.com>
> Cc: <radiator at open.com.au>
> Sent: Saturday, February 20, 2010 10:42 PM
> Subject: Re: [RADIATOR] Timeout setting for Authby GROUP ?
> 
> 
> 
> Hello Markus -
> 
> You don't say what type of AuthBy the group members are.
> 
> What are Auth1, Auth2, Auth3?
> 
> Most AuthBy clauses have Timeout settings, although the AuthBy GROUP itself does not.
> 
> regards
> 
> Hugh
> 
> 
> On 20 Feb 2010, at 23:03, Markus Moeller wrote:
> 
>> 
>> Hi,
>> 
>>  Is there a way to set a timeout per Authby statement in an Authby group?
>> 
>>  If I define an Authby group as below I know that my radius/tacacs client has a timeout of 10 sec.  Can I say that if Authby Auth1 takes longer than 3 sec try AuthBy Auth2 and so on?
>> 
>> <AuthBy GROUP>
>>        Identifier MyAuthentication
>>        AuthByPolicy ContinueUntilAccept
>>        AuthBy Auth1
>>        AuthBy Auth2
>>        AuthBy Auth3
>> </AuthBy>
>> How do other Radiator users manage timeout issues in AuthBy groups?
>> 
>> Thank you
>> Markus
> 
> 
> 
> NB:
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 
> 
> 
> 








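The pattern this thread is asking for (try each backend in order, give each a bounded time slice, and stay inside the client's overall timeout) as an added sketch that is not part of the original messages and is not Radiator code. The function names, the stand-in backends and the shortened demo timings are assumptions made for illustration; the 3 s and 10 s defaults come from the question.

```python
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

ACCEPT, REJECT, TIMEOUT = "ACCEPT", "REJECT", "TIMEOUT"

def continue_until_accept(backends, user, password, per_backend=3.0, overall=10.0):
    """Try backends in order, giving each a bounded time slice.
    Returns (result, trail); trail is a list of (backend name, outcome).
    A timeout or an exception never counts as an accept (fail closed).
    """
    deadline = time.monotonic() + overall
    trail = []
    pool = ThreadPoolExecutor(max_workers=max(1, len(backends)))
    try:
        for name, check in backends:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break  # overall budget spent: answer before the client gives up
            future = pool.submit(check, user, password)
            try:
                ok = future.result(timeout=min(per_backend, remaining))
                outcome = ACCEPT if ok else REJECT
            except FutureTimeout:
                outcome = TIMEOUT  # stop waiting; the stuck call ends in its worker
            except Exception:
                outcome = REJECT   # backend error is treated as a rejection
            trail.append((name, outcome))
            if outcome == ACCEPT:
                return ACCEPT, trail
        # If no backend gave a definite answer, report TIMEOUT rather than REJECT
        answered = any(o == REJECT for _, o in trail)
        return (REJECT if answered else TIMEOUT), trail
    finally:
        pool.shutdown(wait=False)  # do not block the reply on abandoned workers

# Constructed stand-ins for two AD domains; the first hangs (e.g. a DNS delay).
def slow_domain1(user, password):
    time.sleep(0.6)
    return False

def domain2(user, password):
    return (user, password) == ("alice", "correct-horse")

def demo():
    backends = [("PAM_domain1", slow_domain1), ("PAM_domain2", domain2)]
    return continue_until_accept(backends, "alice", "correct-horse",
                                 per_backend=0.2, overall=1.0)
```

A timed-out worker thread cannot be cancelled and keeps running until the underlying call returns, so repeated hangs accumulate threads. Where the blocking call sits in native library code, running each backend in a separate process that can be killed gives a hard bound.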