John Douglass wrote: > Would ANY authentication for "jd187" get the cached applied or does > freeradius have some concept of uniqueness when it comes to different > sessions by the same user?
It's SSL session resumption. The previous SSL session can get re-used, based on secrets known only by the cache in FreeRADIUS, and by the user who originally authenticated via that SSL session. > So I am assuming that session id is some combination of attributes No. The session Id is an SSL thing that is handled internally by OpenSSL. But it *is* unique to each session. > Figured I would bring this to see if anyone has any insight on how this > session ID is created, managed, and applied to the subsequent > session/authentications. I'll be running some experiments on this early > next week but figured I might ask if anyone has any ideas on how/when > the caching is applied (as configured by the eap.conf variables). I recommend *not* trying to understand all of the internal details of how this works. A lot is going on inside of FreeRADIUS and OpenSSL, and it's simply not worth your time to look. It works, and it works *properly*. Dozens of people have spent years designing the various pieces so that all of the possible concerns are addressed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
