Issues with sasl under heavy load, configuration issue?

Carson Gaspar carson at taltos.org
Mon Apr 7 18:15:39 EDT 2008


Howard Chu wrote:
> Paul Hasenohr wrote:
> 
>> I am running Debian Etch with current Debian packages:
>>     * slapd 2.3.30-5
>>     * sasl2-bin 2.1.22.dfsg1-8
>>     * libsasl2-2 2.1.22.dfsg1-8
>>     * krb5-kdc 1.4.4-7etch5
>>
>> Could anyone please tell me if this behaviour is to be expected or how
>> this could be improved?
> 
> Best advice - use Heimdal Kerberos. MIT Kerberos code quality is poor, 
> and thread safety is still unproven.

And the sky is blue, and that has NOTHING to do with the problem.

The problem is _exactly_ what the log says it is. The client is sending 
multiple identical auth requests, which the KDC is (properly) rejecting 
as a replay attack. Google shows many hits for a similar bug in 
mod_auth_kerb.

-- 
Carson
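
Added example, not part of the original message and not code from MIT Kerberos, Heimdal or Cyrus SASL: a minimal replay cache in C showing why a request that is byte-for-byte identical to one already accepted gets rejected, while a request rebuilt with a fresh timestamp passes. The entry layout, the 64-slot table, the fixed-size name buffers and the principal names are assumptions made for the sketch; the 300-second window is the common Kerberos default clock skew.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CLOCKSKEW 300  /* seconds; common Kerberos default clock skew */
#define RC_SLOTS  64   /* constructed cache size for this sketch */

enum rc_result { RC_OK, RC_SKEW, RC_REPLAY };

struct rc_entry { char client[64], server[64]; long ctime; int cusec, used; };
static struct rc_entry cache[RC_SLOTS];

/* Check one authenticator at server time `now`; record it if it is fresh. */
enum rc_result rc_check(const char *client, const char *server,
                        long ctime, int cusec, long now)
{
    struct rc_entry *e, *slot = NULL;
    int i;

    if (labs(now - ctime) > CLOCKSKEW)
        return RC_SKEW;            /* stale or future timestamp */
    for (i = 0; i < RC_SLOTS; i++) {
        e = &cache[i];
        if (e->used && labs(now - e->ctime) > CLOCKSKEW)
            e->used = 0;           /* expired; the skew check covers it now */
        if (!e->used) {
            if (!slot) slot = e;   /* remember the first free slot */
            continue;
        }
        if (e->ctime == ctime && e->cusec == cusec &&
            !strcmp(e->client, client) && !strcmp(e->server, server))
            return RC_REPLAY;      /* identical request already accepted */
    }
    if (!slot)
        return RC_REPLAY;          /* cache full: fail closed */
    snprintf(slot->client, sizeof slot->client, "%s", client);
    snprintf(slot->server, sizeof slot->server, "%s", server);
    slot->ctime = ctime; slot->cusec = cusec; slot->used = 1;
    return RC_OK;
}

int main(void)
{
    const char *c = "ldap/host.example.org@EXAMPLE.ORG";   /* constructed */
    const char *s = "krbtgt/EXAMPLE.ORG@EXAMPLE.ORG";      /* constructed */
    printf("first:   %d\n", rc_check(c, s, 1000, 500, 1001)); /* RC_OK */
    printf("resend:  %d\n", rc_check(c, s, 1000, 500, 1001)); /* RC_REPLAY */
    printf("rebuilt: %d\n", rc_check(c, s, 1000, 501, 1001)); /* RC_OK */
    return 0;
}
```

The cache only needs to remember entries for the length of the skew window, because anything older is rejected by the timestamp check alone.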


More information about the Cyrus-sasl mailing list