Subject: | OTP RADIUS tries one too few times and times out too quickly |
The KDC-side support for OTP RADIUS accepts two parameters in the token
configuration to control the total timeout and the number of retries.
These parameters are eventually handled by kr_remote_send, which
receives the timeout in milliseconds and the number of retries.
kr_remote_send divides the total timeout into an even number of pieces
per try:
timeout = timeout / (retries + 1);
When a request times out, on_timeout is called. It contains an off-by-
one error:
/* If we have more retries to perform, resend the packet. */
if (req->retries-- > 1) {
As a result, we make one try fewer than we should, and time out the
whole thing at (timeout / (retries + 1) * retries) milliseconds.
configuration to control the total timeout and the number of retries.
These parameters are eventually handled by kr_remote_send, which
receives the timeout in milliseconds and the number of retries.
kr_remote_send divides the total timeout into an even number of pieces
per try:
timeout = timeout / (retries + 1);
When a request times out, on_timeout is called. It contains an off-by-
one error:
/* If we have more retries to perform, resend the packet. */
if (req->retries-- > 1) {
As a result, we make one try fewer than we should, and time out the
whole thing at (timeout / (retries + 1) * retries) milliseconds.