From fabeb81842796838035b64734e53a28463df50f6 Mon Sep 17 00:00:00 2001
From: Walter de Jong <walter.dejong@surfsara.nl>
Date: Fri, 29 Aug 2014 12:06:46 +0200
Subject: new parameter max_challenge limits number of Access-Challenges

Force authentication failure when a certain amount of challenges
has been reached.
This is a workaround for buggy servers that keep issueing
challenges, when they should really send Access-Reject.
The limit is configurable through parameter "max_challenge".
The default is 0, which means the workaround is disabled.
An invalid or negative value also disables this workaround.
---
 USAGE | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'USAGE')

diff --git a/USAGE b/USAGE
index 48f49b4..d2694f3 100644
--- a/USAGE
+++ b/USAGE
@@ -91,5 +91,9 @@ prompt=string  - Specifies the prompt, without the ': ', that PAM should
                  relevant string different from Password) in this
                  situation.
 
+max_challenge=# - configure maximum number of challenges that a server
+                  may request. This is a workaround for broken servers
+                  and disabled by default.
+
 ---------------------------------------------------------------------------
 
-- 
cgit v1.2.3