EAP-TLS performance SQL backend bottleneck
Neal.Garber at energyeast.com
Thu Sep 10 22:56:17 CEST 2009
> I moved sql module call from "authorize" to "post-auth"
What if you leave sql in authorize of the default virtual server, but wrap it with unlang that only calls it if you're not doing EAP. Then, always call it in the inner-tunnel virtual server's authorize section. The inner-tunnel authorize is after the TLS tunnel is formed so it seems that this would eliminate the redundant database calls that occur in the default virtual server while the tunnel is being setup.
More information about the Freeradius-Users