On 29/02/16 14:01, Alan DeKok wrote:
On Feb 29, 2016, at 8:34 AM, Jonathan Gazeley <Jonathan.Gazeley@bristol.ac.uk> wrote:
In our EAP-PEAP sessions, the typical conversation length is 10 packets. We have TLS caching enabled, but I noticed the TLS cache is populated during packet 4, which is before processing has started on the tunneled authentication.
The session is cached when the TLS connection has been established.
Is it possible to force an update of the cache entry from the inner-tunnel server e.g. to add attributes that are only available at this stage? I attempted to call an update by doing this in the inner-tunnel server:
update control { Cache-TTL := 0 } cache_tls_session
This caused authentications to fail with "cache_tls_session (fail)" and no further information is given. Is it possible to do this?
It's better to update the cache in the outer post-auth section. The cache key is more likely to be the same.
Just tried that. It fails like this: (9) Running section post-auth from file /etc/raddb/sites-enabled/eduroamlocal-auth (9) post-auth { ... (9) update control { (9) &control:Cache-TTL := 0 (9) } # update control (noop) (9) cache_tls_session (fail) (9) } # post-auth (fail) Have we got the syntax wrong? Thanks, Jonathan