Example of how to use caching (Cached-Session-Policy)?
Alan DeKok
aland at deployingradius.com
Sat Apr 23 08:22:01 CEST 2011
John Douglass wrote:
> Would ANY authentication for "jd187" get the cache applied or does
> FreeRADIUS have some concept of uniqueness when it comes to different
> sessions by the same user?
It's SSL session resumption. The previous SSL session can get
re-used, based on secrets known only by the cache in FreeRADIUS, and by
the user who originally authenticated via that SSL session.
> So I am assuming that session id is some combination of attributes
No. The session ID is an SSL thing that is handled internally by
OpenSSL. But it *is* unique to each session.
> Figured I would bring this to see if anyone has any insight on how this
> session ID is created, managed, and applied to the subsequent
> session/authentications. I'll be running some experiments on this early
> next week but figured I might ask if anyone has any ideas on how/when
> the caching is applied (as configured by the eap.conf variables).
I recommend *not* trying to understand all of the internal details of
how this works. A lot is going on inside of FreeRADIUS and OpenSSL, and
it's simply not worth your time to look.
It works, and it works *properly*. Dozens of people have spent years
designing the various pieces so that all of the possible concerns are
addressed.
Alan DeKok.