SunScreen 3.1 Reference Manual

Other vars for RADIUS Configuration

The following additional variables are preinstalled and used to control the RADIUS client protocol; they are pre-ENABLED and generally need not be altered.

The requestor logic avoids contacting an unresponsive server for this many seconds:


edit> vars print PRG=auth
  PRG="auth" NAME="RADIUSHolddown" ENABLED VALUE="300" 
DESCRIPTION="seconds to ignore a non-responsive RADIUS server"

The requestor logic makes this many passes through the server list before giving up:


PRG="auth" NAME="RADIUSRetryPasses" ENABLED VALUE="3" 
DESCRIPTION="how many times to try each RADIUS server"

The name of the RADIUS server port, as given in the Service registry:


PRG="auth" NAME="RADIUSService" ENABLED VALUE="radius" 
DESCRIPTION="RADIUS service / port # at which to query server(s)"

The amount of time to wait for each response before sending another attempt:


PRG="auth" NAME="RADIUSTimeout" ENABLED VALUE="5" 
DESCRIPTION="seconds to await each RADIUS server response"

During the first pass, the requestor logic attempts to contact only servers that are not currently held down; subsequent passes contact each server regardless of previous nonresponsiveness. During the first pass, each server is contacted twice in a row before moving on to the next one. During subsequent passes, each server is contacted only once. A rough upper bound on the overall time for total failure for all servers is:


# servers TIMES (#passes + 1) TIMES timeout

This is an upper bound because of the way the first pass avoids recently unresponsive servers; a lower bound would be:


# servers TIMES (#passes - 1) TIMES timeout 

So, for example, with two servers configured and using the default time-outs, the overall failure time-out would be less than 2 x (3 + 1) x 5 = 40 seconds, and greater than 2 x (3 - 1) x 5 = 20 seconds.
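
The pass schedule described above can be modelled to see where the two bounds come from and how long a login stalls when some servers are in holddown. This is an added example, not SunScreen code. The function names and server names are hypothetical, and it assumes every server stays unresponsive and each unanswered attempt costs exactly one full `RADIUSTimeout`.

```python
# Added illustration (not SunScreen code): models the pass schedule described
# above. Function names and server names are hypothetical.

RADIUS_RETRY_PASSES = 3  # default RADIUSRetryPasses shown on the page
RADIUS_TIMEOUT = 5       # default RADIUSTimeout in seconds shown on the page


def attempt_schedule(servers, held_down=(), passes=RADIUS_RETRY_PASSES):
    """List every (pass_number, server) attempt made when no server answers."""
    held = set(held_down)
    attempts = []
    for pass_no in range(1, passes + 1):
        for server in servers:
            if pass_no == 1:
                if server in held:
                    continue  # first pass skips servers in holddown
                attempts += [(pass_no, server)] * 2  # tried twice in a row
            else:
                attempts.append((pass_no, server))  # once, held down or not
    return attempts


def total_failure_seconds(servers, held_down=(), passes=RADIUS_RETRY_PASSES,
                          timeout=RADIUS_TIMEOUT):
    """Assumes each unanswered attempt costs exactly one full timeout."""
    return len(attempt_schedule(servers, held_down, passes)) * timeout


def failure_bounds(n_servers, passes=RADIUS_RETRY_PASSES, timeout=RADIUS_TIMEOUT):
    """The page's (lower, upper) bounds in seconds."""
    return (n_servers * (passes - 1) * timeout,
            n_servers * (passes + 1) * timeout)


if __name__ == "__main__":
    servers = ["radius-a", "radius-b"]  # constructed sample server list
    print(failure_bounds(len(servers)))
    print(total_failure_seconds(servers))                      # none held down
    print(total_failure_seconds(servers, held_down=servers))   # all held down
    print(total_failure_seconds(servers, held_down=["radius-a"]))
```

In this model the two extremes (no server held down, every server held down) land on the page's upper and lower figures, and a partially held-down list falls between them.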