[sr-dev] Crash - auth

Andrei Pelinescu-Onciul andrei at iptel.org
Fri Oct 15 10:18:25 CEST 2010


On Oct 15, 2010 at 02:47, Alex Balashov <abalashov at evaristesys.com> wrote:
> On 10/15/2010 02:38 AM, Andrei Pelinescu-Onciul wrote:
> 
> >Do you have both nonce_count and one_time_nonce enabled at the same
> >time? If so could you try with nonce_count disabled and see if you still
> >get this problem?
> 
> I do have them both enabled concomitantly, but the documentation did
> not say I cannot.

Yes, it's a bug. It's just not something I've tested before, that's why
I've asked.
It should be fixed now.

> 
> No, the crash does not happen if I disable nonce_count.  But, in
> that situation, with the same code as in my initial report,
> responses are challenged ad infinitum without successful credential
> acceptance. Presumably that is an artifact of nonce_count being 0.

That's very strange. It should work.
Could you send me a packet capture with re-challenged requests?
Could you try with the auth_checks_* commented out?
Could you also try with only nonce_count enabled and one_time_nonce disabled?
> 
> >Could you send me all the auth modparam lines that you have in your
> >config? (nid_pool_no, nc_*, otn_in*)
> 
> Sure:
> 
> modparam("auth", "auth_checks_register", 15)
> modparam("auth", "auth_checks_no_dlg", 15)
> modparam("auth", "auth_checks_in_dlg", 7)
> modparam("auth", "qop", "auth")
> modparam("auth", "nonce_count", 1)
> modparam("auth", "one_time_nonce", 1)
> modparam("auth", "nid_pool_no", 4)
> modparam("auth", "nc_array_size", 8388608)  # 8 MB.
> modparam("auth", "otn_in_flight_no", 8388608)  # 8 MB
> modparam("auth", "nonce_expire", 600)  # 10 minutes.
> modparam("auth", "nonce_auth_max_drift", 5)  # 5 seconds
> modparam("auth", "force_stateless_reply", 0)
> 

Andrei


