EAP-TLS performance SQL backend bottleneck
leopold
vova_b at yahoo.com
Thu Sep 10 22:33:32 CEST 2009
It looks to me if authenticate section passes it sets request->reply->code=2
(Access-Accept) and then we cannot force server not to respond as it
compares with 0
How can we force it not to respond in post-auth if control is set to
not_respond (PW_RESPONSE_PACKET_TYPE is 256)?
event.c
case PW_AUTHENTICATION_REQUEST:
gettimeofday(&request->next_when, NULL);
if (request->reply->code == 0) {
/*
* Check if the lack of response is
intentional.
*/
vp = pairfind(request->config_items,
PW_RESPONSE_PACKET_TYPE);
if (!vp) {
RDEBUG2("There was no response configured:
rejecting request %d",
request->number);
request->reply->code =
PW_AUTHENTICATION_REJECT;
} else if (vp->vp_integer == 256) {
RDEBUG2("Not responding to request %d",
request->number);
} else {
request->reply->code = vp->vp_integer;
}
}
I looked in the code and inside event.c
Ivan Kalik wrote:
>
>> The documentation says that it was improved only for TTLS and PEAP, but
>> not
>> for TLS.
>> EAPTLS module always returns "updated" in authorize section and only in
>> the
>> end it returns "ok" in authenticate section.
>> We need to avoid calling SQL module in authorize section
>
> So don't call it. Remove it from authorize and list sql.authorize in
> post-auth. That will add reply attributes from the database.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
--
View this message in context: http://www.nabble.com/EAP-TLS-performance-SQL-backend-bottleneck-tp25386668p25390505.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list