[Kamailio-Users] Demerits of using normal Authentication insted of radius or diameter auth
Hello guys.....
Recent now i had started taking keen interest in kamailio.
I was testing kamailio, and i had test it under two scenario. first of all let me tell u about my configuration. I am testing on normal Desktop pc, installed kamailio,mysql, radius everything on same pc.
I am using MYSQL anyway for both sort of testing. When i test with radius authentication, means using radius_www_authorize at max i am getting around 500 cps for Registration, but when i use normal www_authorize i am getting around 2000 CPS....
whopping difference guys.....
So, i was wondering what is merits and demerits of not using Radius based authentication. Is it insecure if i use normal Authentication? Its not in my knowledge that radius do encryption...so i dont think by using radius it provides more security. What is your opinions about it?
Hello,
On 02/19/2010 06:38 AM, Hemanshu Patel wrote:
Hello guys.....
Recent now i had started taking keen interest in kamailio.
I was testing kamailio, and i had test it under two scenario. first of all let me tell u about my configuration. I am testing on normal Desktop pc, installed kamailio,mysql, radius everything on same pc.
I am using MYSQL anyway for both sort of testing. When i test with radius authentication, means using radius_www_authorize at max i am getting around 500 cps for Registration, but when i use normal www_authorize i am getting around 2000 CPS....
whopping difference guys.....
So, i was wondering what is merits and demerits of not using Radius based authentication. Is it insecure if i use normal Authentication? Its not in my knowledge that radius do encryption...so i dont think by using radius it provides more security. What is your opinions about it?
if you have mysql behind radius there is no benefit using radius in this case. You just add another point in architecture, you need to take care of failover for it, etc. Also, it adds delays, as you observed.
It is no encryption for radius communication. The advantage would be when you would have others services that must use radius, due to different constraints and the database behind radius is not natively supported by kamailio. I have to say that I am not the very-radius-familiar guy, there might be other advantages when using radius inside multi-services platform, but not at my knowledge now.
Cheers, Daniel
Yeah, thanks daniel
I came to same decision after googlling a bit...
Hemanshu Patel writes:
When i test with radius authentication, means using radius_www_authorize at max i am getting around 500 cps for Registration, but when i use normal www_authorize i am getting around 2000 CPS....
are you sure that you have turned your radius server properly? in case of freeradius, num_sql_socks should be at least as high as you have proxy processes access radius.
So, i was wondering what is merits and demerits of not using Radius based authentication.
perhaps nowadays radius does not have merits of its own, but it is very convenient to get as reply items the various attributes related to domain, user, and uri itself of the authenticated request.
perhaps you can nowadays do the same with avp dp call or calls, but in the early days, it was more difficult that using radius. the same holds for attributes related to the UAS.
-- juha
-
Daniel-Constantin Mierla -
Hemanshu Patel -
jh@tutpro.com