Set service.authcachesize equal to a number larger than the max concurrency of your user base. Setting this number higher than what your hardware can support could allow a Denial Of Service attack.