[OpenSER-Users] Authentication credentials cache

JB74 jbarry74 at hotmail.com
Wed Feb 20 23:56:34 CET 2008


Hello all,

Thank you for your responses. 

Indeed, I was thinking about a caching mechanisms similar to the one used in
IMS, as Klaus described in the previous post. 

If I store in a memory structure the authentication credentials (i.e. user
and password) following some cache policy, I could use this structure to
check if the user exists and check his/her identity without having to
contact a remote database/radius server (where network latency typically is
a bottleneck). If the user credentials are not in the cache, then OpenSER
will contact the database/radius server to authenticate the user (normal
procedure).

Maybe I am oversimplifying the problem. Could you help me to understand
better why this is not possible?

Thanks,
JB



Klaus Darilion-2 wrote:
> 
> 
> 
> Iñaki Baz Castillo schrieb:
>> El Lunes, 18 de Febrero de 2008, Juha Heinanen escribió:
>>> Bogdan-Andrei Iancu writes:
>>>  > Credential caching is not support - for any of the backends (radius
>>> or
>>>  > sql).  As far as I know, there are no plans for caching yet... Mainly
>>>  > because the fetching the passwd from DB is combined in a single query
>>>  > with caller profile fetching - see the "load_credentials" module
>>> param
>>>  > in auth_db module.
>>>
>>> yes, when i radius authenticate a user, the reply contains lots of user
>>> attributes as reply items.  these attributes can change any time and
>>> thus cannot be cached.
>> 
>> In fact I think that the only caching making sense would be directly in
>> the 
>> final backend (DB, Radius, LDAP..).
> 
> FYI: I think the original question refers to IMS, where the S-CSCF can 
> retrieve pre-calculated nonces and responses from the diameter server to 
> avoid diameter requests for each authentication.
> 
> klaus
> 
> _______________________________________________
> Users mailing list
> Users at lists.openser.org
> http://lists.openser.org/cgi-bin/mailman/listinfo/users
> 
> 

-- 
View this message in context: http://www.nabble.com/Authentication-credentials-cache-tp15522750p15600883.html
Sent from the OpenSER Users Mailing List mailing list archive at Nabble.com.





More information about the Users mailing list