There's actually different expiration policies for TGTs that can prevent that. I would take a look at them if you have not.
Though I'm also surprised the browser didn't stop that insanity! On Tue, Sep 13, 2011 at 11:44 AM, Ourada, John <[email protected]> wrote: > We ran into a problem over the weekend and yesterday where a single user > was able to affect performance of our current production cas server (3.4.6 > on Tomcat 6.0.28 on Windows). We haven’t moved to our new HA setup using > Linux and Terracotta : (.**** > > ** ** > > An external organization is working with us to provide services to our > Library and students and we are using CAS for the authentication component. > **** > > ** ** > > The organization had a really really bad bug in their software that caused > them to fail the validation and send the client back to us for > authentication. The client was actually authenticated and so were sent back > to the organization with a new ServiceTicket. This happened really fast… I > logged 20K ST’s for this user in under 10 minutes yesterday alone. **** > > ** ** > > I see where I can throttle UNsuccessful login attempts, but what about > successful ones : ).**** > > ** ** > > -john**** > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
