Hi, that sounds like a sane solution. A simpler might be to mark Duo dead for a configurable number of seconds after which it's marked as alive again without a check. The next authentication would then either work or again trigger marking it as dead.
Thanks, Alex T-SYSTEMS AUSTRIA GESMBH PU Cyber Security Network Architecture Operation Manager Authentication Rennweg 97-99, A-1030 Vienna +43 57057 4320 (phone) +43 676 8642 4320 (mobile) E-mail: [email protected] Internet: www.t-systems.at Blog: blog.t-systems.at Social Media: Facebook, Linkedin, Twitter BIG CHANGES START SMALL – CONSERVE RESOURCES BY NOT PRINTING EVERY E-MAIL. **************************************************************************************************************** T-Systems Austria GesmbH, Rennweg 97-99, A-1030 Vienna Commercial Court Vienna, FN 79340b **************************************************************************************************************** Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. If you received this transmittal in error, please notify us immediately by reply and delete this message and all its attachments. Thank you. **************************************************************************************************************** ________________________________ Von: radiator <[email protected]> im Auftrag von Heikki Vatiainen <[email protected]> Gesendet: Mittwoch, 14. Juli 2021 20:26 An: [email protected] <[email protected]> Betreff: Re: [RADIATOR] AuthBy DUO issue On 13.7.2021 18.05, [email protected] wrote: > We've encountered another issue today: when CheckTimerInterval is > configured to 0, to disable the periodic DUO API check which fills our > log and generated unnecessary traffic and load, the API never recovers > when marked as dead. That seems to be correct, but likely not expected. > Do you have a suggestion how to solve this besides configuring > CheckTimerInterval for something else? Currently there is nothing to solve this. A strategy, such as starting the poll timer when the API is down and letting it poll until it's up, would be needed. If you have a preferred idea, please let us know. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory, EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc. _______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
_______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
