[321] in Info-AFS_Redistribution


Re: the dangers of not using unlog

daemon@ATHENA.MIT.EDU (reuss@ni.umd.edu)
Fri Sep 20 10:45:12 1991

To: Info-AFS@transarc.com
In-Reply-To: Your message of Thu, 19 Sep 91 23:59:37 -0400.
Date: Fri, 20 Sep 91 09:52:06 EDT
From: reuss@ni.umd.edu

> One other note, the kernel enforces a 10 second wait if a setpag call has
> been called in the last 10 seconds for security reasons.  This is even
> done if the caller is root, causing unreasonable delays in the calls
> at times on multiuser machines.

This 10 second limitation obviously means you can only expect 6
authenticated connections to a machine per minute, but in reality I found
it was even less than this.  The AFS login and ftp programs seem to do a
setpag each time a user tries a different password.  Each typo on a user's
part means another 10 second wait for anyone attempting to connect to the
system.  In fact the ftpd program seems to do an extra initial setpag, thus
only allowing a maximum of 3 ftp connections per minute.  Recoding login
and ftpd to only do a single setpag per connection can improve things
somewhat.

-Karl Reuss


