3.26.29. CachePasswords

This parameter enables a user password cache in this AuthBy. It can improve the performance of slow AuthBy clauses, and it helps when a large number of identical requests for the same user are likely to occur, or when multiple requests might result from a one-time password (for example, in a multi-link or wireless roaming environment).
If this parameter is set, every Access-Request is first checked against a password cache that contains a copy of the last valid Access-Accept for that user. If the cache contains a matching password that has not exceeded its CachePasswordExpiry, the previous reply is sent back without looking up the user again in this AuthBy. The possibly slow process of consulting the user database or proxying the request can therefore sometimes be avoided.
Not all AuthBy clauses support this parameter (or CachePasswordExpiry and CacheReplyHook), but the ones that do include UNIX, FILE, DBFILE, EMERALD, SQL, LDAP, ACE, OPIE, PLATYPUS, RADMIN and RADIUS. Other AuthBy clauses may or may not support this parameter.
Using this parameter with a large user population can cause the Radiator process to use large amounts of memory.
If Radiator is restarted, the password cache is lost.
Matching of cached passwords can never succeed for CHAP or MS-CHAP authentication requests.
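
The following Python model is an added example, not Radiator's own code. It shows the cache-first lookup described above, including the one-time-password case and the effect of expiry. All names (`PasswordCache`, `authenticate`, `make_otp_backend`) are hypothetical; it assumes a cache hit does not refresh the entry's timestamp and represents a CHAP or MS-CHAP request as one with no plaintext password (`None`).

```python
import hmac
import time


class PasswordCache:
    """Model of the per-user cache described above (not Radiator's code)."""

    def __init__(self, expiry_seconds, clock=time.monotonic):
        self.expiry = expiry_seconds   # stands in for CachePasswordExpiry
        self.clock = clock
        self.entries = {}              # user -> (password, reply, stored_at)

    def lookup(self, user, password):
        """Return the cached reply, or None when the AuthBy must be consulted."""
        entry = self.entries.get(user)
        if entry is None or password is None:
            return None                # password None models CHAP/MS-CHAP
        cached_pw, reply, stored_at = entry
        if self.clock() - stored_at > self.expiry:
            del self.entries[user]     # entry exceeded its expiry
            return None
        if hmac.compare_digest(cached_pw.encode(), password.encode()):
            return reply
        return None

    def store(self, user, password, reply):
        self.entries[user] = (password, reply, self.clock())


def authenticate(cache, backend, user, password):
    """Check the cache first, then the backend. Returns (reply, source)."""
    reply = cache.lookup(user, password)
    if reply is not None:
        return reply, "cache"
    reply = backend(user, password)
    if reply is not None and password is not None:
        cache.store(user, password, reply)   # keep the last valid accept
    return reply, "backend"


def make_otp_backend(valid_otp):
    """Constructed one-time-password backend: accepts valid_otp exactly once."""
    used = set()

    def backend(user, password):
        if password == valid_otp and password not in used:
            used.add(password)
            return {"Code": "Access-Accept"}
        return None
    return backend
```

With a 60 second expiry, a second request carrying the same one-time password 5 seconds later is answered from the cache even though the backend would now reject it; after 61 seconds the same request goes back to the backend and fails. The same property means a cached password keeps being accepted until it expires, regardless of changes made in the user database in the meantime.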