21 Feb
2008
21 Feb
'08
12:56 a.m.
Hello all,
Thank you for your responses.
Indeed, I was thinking about a caching mechanisms similar to the one used in
IMS, as Klaus described in the previous post.
If I store in a memory structure the authentication credentials (i.e. user
and password) following some cache policy, I could use this structure to
check if the user exists and check his/her identity without having to
contact a remote database/radius server (where network latency typically is
a bottleneck). If the user credentials are not in the cache, then OpenSER
will contact the database/radius server to authenticate the user (normal
procedure).
Maybe I am oversimplifying the problem. Could you help me to understand
better why this is not possible?
Thanks,
JB
Klaus Darilion-2 wrote:
Iñaki Baz Castillo schrieb:
--
View this message in context:
http://www.nabble.com/Authentication-credentials-cache-tp15522750p15600883.…
Sent from the OpenSER Users Mailing List mailing list archive at Nabble.com.
El Lunes, 18 de Febrero de 2008, Juha Heinanen
escribió:
FYI: I think the original question refers to IMS, where the S-CSCF can
retrieve pre-calculated nonces and responses from the diameter server to
avoid diameter requests for each authentication.
klaus
_______________________________________________
Users mailing list
Users(a)lists.openser.org
http://lists.openser.org/cgi-bin/mailman/listinfo/users
Bogdan-Andrei Iancu writes:
In fact I think that the only caching making sense would be directly in
the
final backend (DB, Radius, LDAP..). Credential caching is not support - for any of
the backends (radius
or
sql). As far as I know, there are no plans for
caching yet... Mainly
because the fetching the passwd from DB is combined in a single query
with caller profile fetching - see the "load_credentials" module
param
in auth_db module.
yes, when i radius authenticate a user, the reply contains lots of user
attributes as reply items. these attributes can change any time and
thus cannot be cached.