[RADIATOR] AuthBy DUO issue

Alexander.Hartmaier at t-systems.com Alexander.Hartmaier at t-systems.com
Mon Aug 16 16:23:45 UTC 2021


Hi,
that sounds like a sane solution.

A simpler might be to mark Duo dead for a configurable number of seconds after which it's marked as alive again without a check. The next authentication would then either work or again trigger marking it as dead.

Thanks, Alex

T-SYSTEMS AUSTRIA GESMBH
PU Cyber Security
Network Architecture
Operation Manager Authentication
Rennweg 97-99, A-1030 Vienna
+43 57057 4320 (phone)
+43 676 8642 4320 (mobile)
E-mail: alexander.hartmaier at t-systems.com
Internet: www.t-systems.at
Blog: blog.t-systems.at
Social Media: Facebook, Linkedin, Twitter

BIG CHANGES START SMALL – CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL.

****************************************************************************************************************
T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna
Commercial Court Vienna, FN 79340b
****************************************************************************************************************
Notice: This transmittal and/or attachments may be privileged or confidential. It is
intended solely for the addressee named above. If you received this transmittal in error,
please notify us immediately by reply and delete this message and all its attachments.
Thank you.
****************************************************************************************************************
________________________________
Von: radiator <radiator-bounces at lists.open.com.au> im Auftrag von Heikki Vatiainen <hvn at open.com.au>
Gesendet: Mittwoch, 14. Juli 2021 20:26
An: radiator at lists.open.com.au <radiator at lists.open.com.au>
Betreff: Re: [RADIATOR] AuthBy DUO issue

On 13.7.2021 18.05, Alexander.Hartmaier at t-systems.com wrote:

> We've encountered another issue today: when CheckTimerInterval is
> configured to 0, to disable the periodic DUO API check which fills our
> log and generated unnecessary traffic and load, the API never recovers
> when marked as dead.

That seems to be correct, but likely not expected.

> Do you have a suggestion how to solve this besides configuring
> CheckTimerInterval for something else?

Currently there is nothing to solve this. A strategy, such as starting
the poll timer when the API is down and letting it poll until it's up,
would be needed.

If you have a preferred idea, please let us know.

Thanks,
Heikki

--
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
radiator at lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20210816/60989b86/attachment.html>


More information about the radiator mailing list