[Kamailio-Users] Demerits of using normal Authentication insted of radius or diameter auth
19 Feb
2010
19 Feb
'10
5:38 a.m.
Hello guys.....
Recent now i had started taking keen interest in kamailio.
I was testing kamailio, and i had test it under two scenario.
first of all let me tell u about my configuration.
I am testing on normal Desktop pc, installed kamailio,mysql, radius
everything on same pc.
I am using MYSQL anyway for both sort of testing.
When i test with radius authentication, means using radius_www_authorize
at max i am getting around 500 cps for Registration, but when i use normal
www_authorize i am getting around 2000 CPS....
whopping difference guys.....
So, i was wondering what is merits and demerits of not using Radius based
authentication.
Is it insecure if i use normal Authentication?
Its not in my knowledge that radius do encryption...so i dont think by
using radius it provides more security.
What is your opinions about it?
--
Regards,
Hemanshu Patel
M: 09601295238
19 Feb
19 Feb
6:56 a.m.
Hello,
On 02/19/2010 06:38 AM, Hemanshu Patel wrote:
Hello guys.....
Recent now i had started taking keen interest in kamailio.
I was testing kamailio, and i had test it under two scenario.
first of all let me tell u about my configuration.
I am testing on normal Desktop pc, installed kamailio,mysql, radius
everything on same pc.
I am using MYSQL anyway for both sort of testing.
When i test with radius authentication, means using radius_www_authorize
at max i am getting around 500 cps for Registration, but when i use normal
www_authorize i am getting around 2000 CPS....
whopping difference guys.....
So, i was wondering what is merits and demerits of not using Radius based
authentication.
Is it insecure if i use normal Authentication?
Its not in my knowledge that radius do encryption...so i dont think by
using radius it provides more security.
What is your opinions about it?
if you have mysql behind radius there is no benefit using radius in this
case. You just add another point in architecture, you need to take care
of failover for it, etc. Also, it adds delays, as you observed.
It is no encryption for radius communication. The advantage would be
when you would have others services that must use radius, due to
different constraints and the database behind radius is not natively
supported by kamailio. I have to say that I am not the
very-radius-familiar guy, there might be other advantages when using
radius inside multi-services platform, but not at my knowledge now.
Cheers,
Daniel
--
Daniel-Constantin Mierla
SIP Server Professional Solutions
* http://www.asipto.com/
8:42 a.m.
Yeah,
thanks daniel
I came to same decision after googlling a bit...
--
Regards,
Hemanshu Patel
M: 09601295238
Hello,
On 02/19/2010 06:38 AM, Hemanshu Patel wrote:
Hello guys.....
Recent now i had started taking keen interest in kamailio.
I was testing kamailio, and i had test it under two scenario.
first of all let me tell u about my configuration.
I am testing on normal Desktop pc, installed kamailio,mysql, radius
everything on same pc.
I am using MYSQL anyway for both sort of testing.
When i test with radius authentication, means using radius_www_authorize
at max i am getting around 500 cps for Registration, but when i use
normal
www_authorize i am getting around 2000 CPS....
whopping difference guys.....
So, i was wondering what is merits and demerits of not using Radius
based
authentication.
Is it insecure if i use normal Authentication?
Its not in my knowledge that radius do encryption...so i dont think by
using radius it provides more security.
What is your opinions about it?
if you have mysql behind radius there is no benefit using radius in this
case. You just add another point in architecture, you need to take care
of failover for it, etc. Also, it adds delays, as you observed.
It is no encryption for radius communication. The advantage would be
when you would have others services that must use radius, due to
different constraints and the database behind radius is not natively
supported by kamailio. I have to say that I am not the
very-radius-familiar guy, there might be other advantages when using
radius inside multi-services platform, but not at my knowledge now.
Cheers,
Daniel
--
Daniel-Constantin Mierla
SIP Server Professional Solutions
* http://www.asipto.com/
21 Feb
21 Feb
5:44 a.m.
Hemanshu Patel writes:
When i test with radius authentication, means using
radius_www_authorize
at max i am getting around 500 cps for Registration, but when i use normal
www_authorize i am getting around 2000 CPS....
are you sure that you have turned your radius server properly? in case
of freeradius, num_sql_socks should be at least as high as you have
proxy processes access radius.
So, i was wondering what is merits and demerits of not
using Radius based
authentication.
perhaps nowadays radius does not have merits of its own, but it is very
convenient to get as reply items the various attributes related to
domain, user, and uri itself of the authenticated request.
perhaps you can nowadays do the same with avp dp call or calls, but in
the early days, it was more difficult that using radius. the same holds
for attributes related to the UAS.
-- juha
5259
days inactive
5261
days old
3 comments
3 participants
participants (3)
-
Daniel-Constantin Mierla -
Hemanshu Patel -
jh@tutpro.com