John Douglass wrote:
Would ANY authentication for "jd187" get the cached applied or does freeradius have some concept of uniqueness when it comes to different sessions by the same user?
It's SSL session resumption. The previous SSL session can get re-used, based on secrets known only by the cache in FreeRADIUS, and by the user who originally authenticated via that SSL session.
So I am assuming that session id is some combination of attributes
No. The session Id is an SSL thing that is handled internally by OpenSSL. But it *is* unique to each session.
Figured I would bring this to see if anyone has any insight on how this session ID is created, managed, and applied to the subsequent session/authentications. I'll be running some experiments on this early next week but figured I might ask if anyone has any ideas on how/when the caching is applied (as configured by the eap.conf variables).
I recommend *not* trying to understand all of the internal details of how this works. A lot is going on inside of FreeRADIUS and OpenSSL, and it's simply not worth your time to look. It works, and it works *properly*. Dozens of people have spent years designing the various pieces so that all of the possible concerns are addressed. Alan DeKok.