Issues with sasl under heavy load, configuration issue?

Carson Gaspar carson at taltos.org
Mon Apr 7 18:24:04 EDT 2008


Carson Gaspar wrote:
> Howard Chu wrote:
>> Paul Hasenohr wrote:
>>
>>> I am running Debian Etch with current Debian packages:
>>>     * slapd 2.3.30-5
>>>     * sasl2-bin 2.1.22.dfsg1-8
>>>     * libsasl2-2 2.1.22.dfsg1-8
>>>     * krb5-kdc 1.4.4-7etch5
>>>
>>> Could anyone please tell me if this behaviour is to be expected or how
>>> this could be improved?
>>
>> Best advice - use Heimdal Kerberos. MIT Kerberos code quality is poor, 
>> and thread safety is still unproven.
> 
> And the sky is blue, and that has NOTHING to do with the problem.
> 
> The problem is _exactly_ what the log says it is. The client is sending 
> multiple identical auth requests, which the KDC is (properly) rejecting 
> as a replay attack. Google shows many hits for a similar bug in 
> mod_auth_kerb.

I tracked down what may be the mod_auth_kerb fix, if anyone cares to 
look at it:

http://modauthkerb.cvs.sourceforge.net/modauthkerb/mod_auth_kerb/src/mod_auth_kerb.c?r1=1.75&r2=1.76&view=patch

-- 
Carson

