While I do agree with you, working on the SQL aspect is not a possibility in this case.  It also first appeared that invoking any external code only when its outcome will be meaningful is more appropriate and easier to do.  And if Stefan suggestion works, it would then be true.

In any case, it does appear illogical to request 4-5 times the same query (independentely of their time taken to execute) to an SQL database and discard its result each time based on a username that is not yet validated (not the inner-tunnel username) and may not be the correct one. 



2014-03-27 11:30 GMT-04:00 Alan DeKok <aland@deployingradius.com>:
Yannick Koehler wrote:
...
>     >   I have an authorization module to write for FreeRADIUS that does a
>     > fair amount of CPU intensive SQL queries 1-2 seconds time.

  That is a problem.  You need to fix that.

  There is no good reason for the SQL queries to take 1-2 seconds.  Any
CPU intensive work should be moved out of the critical path.  The SQL
server should respond to FreeRADIUS within 10ms ideally, or 100ms at the
most.

  You should re-design your use of SQL.  Since you didn't say *why* the
queries are taking 1-2 seconds, I can't offer any more specific advice.

  FYI, when I look at poorly performing RADIUS systems, it's almost
always due to the SQL database.  I spend probably 5% of my time fixing
FreeRADIUS configuration, and 95% of my time fixing bad SQL configuration.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Yannick Koehler
Courriel: yannick@koehler.name
Blog: http://corbeillepensees.blogspot.com