15 Oct
2010
15 Oct
'10
11:18 a.m.
On Oct 15, 2010 at 02:47, Alex Balashov <abalashov(a)evaristesys.com> wrote:
Andrei
On 10/15/2010 02:38 AM, Andrei Pelinescu-Onciul
wrote:
Yes, it's a bug. It's just not something I've tested before, that's why
I've asked.
It should be fixed now.
Do you have both nonce_count and one_time_nonce
enabled in the same
time? If so could you try with nonce_count disabled and see if you still
get this problem?
I do have them both enabled concomitantly, but the documentation did
not say I cannot.
No, the crash does not happen if I disable nonce_count. But, in
that situation, with the same code as in my initial report,
responses are challenged at infinitum without successful credential
acceptance. Presumably that is an artifact of nonce_count being 0.
That's very strange. It should work.
Could you send me a packet capture with re-challenged requests?
Could you try with the auth_checks_* commented out?
Could you also try only nonce_count and disabled one_time_nonce?
Could you send me all the auth modparam lines that
you have in your
config? (nid_pool_no, nc_*, otn_in*)
Sure:
modparam("auth", "auth_checks_register", 15)
modparam("auth", "auth_checks_no_dlg", 15)
modparam("auth", "auth_checks_in_dlg", 7)
modparam("auth", "qop", "auth")
modparam("auth", "nonce_count", 1)
modparam("auth", "one_time_nonce", 1)
modparam("auth", "nid_pool_no", 4)
modparam("auth", "nc_array_size", 8388608) # 8 MB.
modparam("auth", "otn_in_flight_no", 8388608) # 8 MB
modparam("auth", "nonce_expire", 600) # 10 minutes.
modparam("auth", "nonce_auth_max_drift", 5) # 5 seconds
modparam("auth", "force_stateless_reply", 0)