There is serious bug in handling requests in AATV module of AA_FORK
and AA_FREPLAY types in Merit AAA server. If AATV module not
responding for a long time main server drops original request without
cleaning some critical information (process counter aatv->proc_cnt).
As a result after some definite number of timeouts server stops
responding.
PR: 23212
Submitted by: Andriy I Pilipenko <bamby@marka.net.ua>
FWIW, checkout of these things took 5+hrs, staying on the local
.freebsd.org net w/o hitting the 'net at all.
As promised,
$ time cvs ci
real 67m51.701s
user 0m1.250s
sys 0m5.345s
Fix one serious bug in the RADIUS server's Kerberos interface, one
minor nit in the build, and add one feature:
- Properly validate the Kerberos ticket we obtained against an actual
service so we know it wasn't forged.
- Make sure the test programs are built knowing where the database is.
- If the make variable KRB_INSTANCE is defined, it names the instance of
each user to be used in validating their Kerberos password. (If this
instance doesn't exist, the validation will fail.) This can be used
for both access control and to keep separate one's login password from
the less secure RADIUS mechanism (since exposure of the instance does
not expose the null instance).
all the COMMENTs! No package names, no version numbers, no "this is
absolutix-3.1.2" type comments that have zero information contents.
Now, without any bad examples to follow, nobody has an excuse to import
a port with those kind of comments. :)
Phew! 238 ports modified!
