[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TCP password request timeout
Date: Thu, 29 Mar 90 17:55 PST
From: TYSON@Warbucks.AI.SRI.COM (Mabry Tyson)
Date: Thu, 29 Mar 90 15:48 PST
From: firstname.lastname@example.org (Jack Greenbaum)
>Date: Thu, 29 Mar 90 14:54 PST
>From: Monty Kosma <kosma%stc-sun@STC.LOCKHEED.COM>
>To: slug%alan@STC.LOCKHEED.COM, symbolics%alan@STC.LOCKHEED.COM
>Subject: TCP password request timeout
>Anybody know anything about the following?
>I'm using tcp and compiling a bunch of source files which reside on a
>remote (unix) machine. At the beginning of the compile operation, I am
>prompted for my password, which I can understand, but then several times
>throughout the compiling of the system I am again and again asked for my
>password. It seems as if there is some sort of a timeout or something, as
>it doesn't ask each time it gets a new file. Any idea on how I can change
>this behavior? It would be nice for it to at least wait for a bit longer
>before rerequesting the password.
We use (setf fs:*remember-passwords* t).
As I recall from trying to track this down in the past, the problem lies in
the fact that the Symbolics wants to reuse the port on the FTP connection
but the foreign host hasn't yet finished closing it and so refuses to reuse
it. So the Symbolics opens another FTP connection and requires the login
Please realize that if you set FS:*REMEMBER-PASSWORDS* to T, then
someone could walk up to your machine and, in a matter of seconds, get
all your passwords to all the systems you FTPed to. No encryption to
Your analysis is mostly correct. FTP connections are reused whenever
possible. FTP in 7.2 had a host of timing problems reusing connections mostly
with the connection scavenger. These would conspire together to use even more
connections as well as blow out from time to time. All the timing holes I
could find were closed in 8.0 and fewer connections should be used but it is
true that a password will be needed for every new connection made. Compiling
a file requires two connections, one for input and one for output. Barmar
also points out that the FILE-CONTROL-LIFETIME host attribute can be used to
keep the connections around longer but many servers will close down idle
connections after a set period, making longer file-control-lifetimes useless
(BSD Unix 4.3 defaults to 15 minutes last I checked).
FS:*REMEMBER-PASSWORDS* can be used to reduce the prompting but the security
implications should be carefully weighed.