[OpenSER-Users] Authentication credentials cache

Juha Heinanen jh at tutpro.com
Thu Feb 21 05:49:39 CET 2008


JB74 writes:

 > If I store in a memory structure the authentication credentials (i.e. user
 > and password) following some cache policy, I could use this structure to
 > check if the user exists and check his/her identity without having to
 > contact a remote database/radius server (where network latency typically is
 > a bottleneck). If the user credentials are not in the cache, then OpenSER
 > will contact the database/radius server to authenticate the user (normal
 > procedure).
 > 
 > Maybe I am oversimplifying the problem. Could you help me to understand
 > better why this is not possible?

jb,

what you describe is, of course, possible (unless user changes his/her
password and cached credential don't work anymore) if your intention is
JUST to authenticate the user.

if you read openser the radius authentication, you'll notice that
authentication query may also return reply items that cause AVPs to be
setup.  for me these reply items are extremely important, because they
contain all kinds of attributes associated with the authenticated user
and his/her uri, and, due to they changing nature, it is not possible to
cache them.

hope this explains why caching of credentials does not help to save the
radius query.

-- juha




More information about the sr-users mailing list