[321] in Info-AFS_Redistribution
Re: the dangers of not using unlog
daemon@ATHENA.MIT.EDU (reuss@ni.umd.edu)
Fri Sep 20 10:45:12 1991
To: Info-AFS@transarc.com
In-Reply-To: Your message of Thu, 19 Sep 91 23:59:37 -0400.
Date: Fri, 20 Sep 91 09:52:06 EDT
From: reuss@ni.umd.edu
> One other note, the kernel enforces a 10 second wait if a setpag call has
> been called in the last 10 seconds for security reasons. This is even
> done if the caller is root causing unreasonable delays in the calls
> at times on multiuser machines.
This 10 second limitation obviously means you can only expect 6
authenticated connections to a machine per minute, but in reality I found
it was even less than this. The AFS login and ftp programs seem to do a
setpag each time a user tries a different password. Each typo on a user's
part means another 10 second wait for anyone attempting to connect to the
system. In fact the ftpd program seems to do an extra initial setpag, thus
only allowing a maximum of 3 ftp connections per minute. Recoding login
and ftpd to only do a single setpag per connection can improve things
somewhat.
-Karl Reuss