EAP-TLS performance SQL backend bottleneck

leopold vova_b at yahoo.com
Thu Sep 10 22:33:32 CEST 2009


It looks to me if authenticate section passes it sets request->reply->code=2
(Access-Accept) and then we cannot force server not to respond as it
compares with 0 
How can we force it not to respond in post-auth if control is set to
not_respond (PW_RESPONSE_PACKET_TYPE is 256)?

event.c
case PW_AUTHENTICATION_REQUEST:
                gettimeofday(&request->next_when, NULL);
    
                if (request->reply->code == 0) {
                        /*
                         *      Check if the lack of response is
intentional.
                         */
                        vp = pairfind(request->config_items,
                                      PW_RESPONSE_PACKET_TYPE);
                        if (!vp) {
                                RDEBUG2("There was no response configured:
rejecting request %d",
                                       request->number);
                                request->reply->code =
PW_AUTHENTICATION_REJECT;
                        } else if (vp->vp_integer == 256) {
                                RDEBUG2("Not responding to request %d",
                                       request->number);
                            } else {
                                request->reply->code = vp->vp_integer;
    
                        }
                }
I looked in the code and inside event.c

Ivan Kalik wrote:
> 
>> The documentation says that it was improved only for TTLS and PEAP, but
>> not
>> for TLS.
>> EAPTLS module always returns "updated" in authorize section and only in
>> the
>> end it returns "ok" in authenticate section.
>> We need to avoid calling SQL module in authorize section
> 
> So don't call it. Remove it from authorize and list sql.authorize in
> post-auth. That will add reply attributes from the database.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 

-- 
View this message in context: http://www.nabble.com/EAP-TLS-performance-SQL-backend-bottleneck-tp25386668p25390505.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list