On Oct 15, 2010 at 02:47, Alex Balashov abalashov@evaristesys.com wrote:
On 10/15/2010 02:38 AM, Andrei Pelinescu-Onciul wrote:
Do you have both nonce_count and one_time_nonce enabled in the same time? If so could you try with nonce_count disabled and see if you still get this problem?
I do have them both enabled concomitantly, but the documentation did not say I cannot.
Yes, it's a bug. It's just not something I've tested before, that's why I've asked. It should be fixed now.
No, the crash does not happen if I disable nonce_count. But, in that situation, with the same code as in my initial report, responses are challenged at infinitum without successful credential acceptance. Presumably that is an artifact of nonce_count being 0.
That's very strange. It should work. Could you send me a packet capture with re-challenged requests? Could you try with the auth_checks_* commented out? Could you also try only nonce_count and disabled one_time_nonce?
Could you send me all the auth modparam lines that you have in your config? (nid_pool_no, nc_*, otn_in*)
Sure:
modparam("auth", "auth_checks_register", 15) modparam("auth", "auth_checks_no_dlg", 15) modparam("auth", "auth_checks_in_dlg", 7) modparam("auth", "qop", "auth") modparam("auth", "nonce_count", 1) modparam("auth", "one_time_nonce", 1) modparam("auth", "nid_pool_no", 4) modparam("auth", "nc_array_size", 8388608) # 8 MB. modparam("auth", "otn_in_flight_no", 8388608) # 8 MB modparam("auth", "nonce_expire", 600) # 10 minutes. modparam("auth", "nonce_auth_max_drift", 5) # 5 seconds modparam("auth", "force_stateless_reply", 0)
Andrei