[krbdev.mit.edu #7911] OTP RADIUS tries one too few times and times out too quickly
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Fri May 16 21:42:21 EDT 2014
The KDC-side support for OTP RADIUS accepts two parameters in the token
configuration to control the total timeout and the number of retries.
These parameters are eventually handled by kr_remote_send, which
receives the timeout in milliseconds and the number of retries.
kr_remote_send divides the total timeout into an even number of pieces
per try:
timeout = timeout / (retries + 1);
When a request times out, on_timeout is called. It contains an off-by-
one error:
/* If we have more retries to perform, resend the packet. */
if (req->retries-- > 1) {
As a result, we make one try fewer than we should, and time out the
whole thing at (timeout / (retries + 1) * retries) milliseconds.
More information about the krb5-bugs
mailing list