Cookie auth rejected by ocserv on reconnect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, Jan 25, 2015 at 8:06 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
>> ocserv[4622]: main: 121.34.241.154:50274 sending message 'auth cookie
>> reply' to worker
>> ocserv[4688]: worker: 121.34.241.154:50274 received auth reply message
>> (value: 3)
>> ocserv[4688]: worker: 121.34.241.154:50274 error receiving cookie
>> authentication reply
>> ocserv[4688]: worker: 121.34.241.154:50274 failed cookie authentication attempt
>> Is auth cookie somehow affected by my client certificate `cn` and `unit`?
> No. I believe it is a side-effect of the new session control introduced
> due to radius. It seems that sessions in the security module are expired
> sooner than expected, and that's why you notice that issue. I've
> submitted a correction into git, but I'll need to review the whole
> process sometime later.

I did review it and found it overly complex. I've now simplified the
session control, by having the security module check time and decide
the validity of a cookie. That should handle all existing use cases
(there are now tests for them), but if I missed anything let me know.

regards,
Nikos



[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux