JB74 writes:
If I store in a memory structure the authentication credentials (i.e. user and password) following some cache policy, I could use this structure to check if the user exists and check his/her identity without having to contact a remote database/radius server (where network latency typically is a bottleneck). If the user credentials are not in the cache, then OpenSER will contact the database/radius server to authenticate the user (normal procedure).
Maybe I am oversimplifying the problem. Could you help me to understand better why this is not possible?
jb,
what you describe is, of course, possible (unless user changes his/her password and cached credential don't work anymore) if your intention is JUST to authenticate the user.
if you read openser the radius authentication, you'll notice that authentication query may also return reply items that cause AVPs to be setup. for me these reply items are extremely important, because they contain all kinds of attributes associated with the authenticated user and his/her uri, and, due to they changing nature, it is not possible to cache them.
hope this explains why caching of credentials does not help to save the radius query.
-- juha