Re: (PM) Double Login

Miquel van Smoorenburg (list-portmaster-users@news.cistron.nl)
21 Nov 1997 23:00:41 +0100

In article <Pine.BSI.3.95.971121145426.21634D-100000@maslow.cia-g.com>,
Stephen Fisher <lithium@cia-g.com> wrote:
>On 21 Nov 1997, Miquel van Smoorenburg wrote:
>
>> Yes, that's exactly what it does. You do get a double login occasionally
>> (once a week or less maybe), but this system always errs on the safe
>> side..
>
>Hmm.. it is good that it errors on the safe side but what can be done to
>reduce the chance of it letting a double login go even more? Is it not
>getting accounting start and stop packets correctly?

You can't do much about it. The portmaster can delay accounting packets
if it wants, or if you happen to have some packetloss. Consider the
following scenario:

1. luser logs in on port S8
2. accounting packet for S8 gets a bit delayed
3. luser logs in on port S10
4. accounting packets for S8 and S10 hit radiusd a bit later

It could be solved by adding a small, short-lived authentication cache
that is also checked for double logins (with the extra OOB SNMP check).
That would also catch these cases. However I'm not sure if that's
worth the trouble.

Mike.

-- 
   Miquel van      | Cistron Internet Services   --    Alphen aan den Rijn.
   Smoorenburg,    | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@cistron.nl |       PTT's Het Net: Surfen in de gootsteen!	<*>

-- 
The From: and Reply-To: addresses are internal mail2news gateway addresses.
Reply to the list or to miquels@cistron.nl (Miquel van Smoorenburg)
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.