Valued Contributor I

Why cache SQL auth source results for 10 hours?

Here's a question for you:-


I needed to link our ClearPass service into an existing quarantine solution used by our FreeRADIUS service. I did this by having a separate MySQL mac_address table with a field that identifies whether a device is quarantined or not, and creating an authentication source that does "select count(*) from .... where <mac address is quarantined>"


This returns a 0 if not quarantined and 1 if quarantined. I then use this to set a Quarantine role which is used in my enforcement policy.


Problem is that there is a default caching policy of 10 hours on a generic SQL auth source ... 10 HOURS!


Why 10 hours? That's a hell of a long time. I know you can change it for a given auth source object, but a cursory glance at the default makes you think it's 3600 seconds, i.e. an hour





Guru Elite

Re: Why cache SQL auth source results for 10 hours?

I don't think there is a specific reason why that is the default. The expectation is that you would change it depending on the use case.

Tim Cappalli | Aruba Security
@timcappalli | | ACMX #367 / ACCX #480
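
The effect discussed in this thread, as an added example that is not part of either post and is not ClearPass code: a simplified per-MAC result cache in front of the quarantine query, showing how long a device flagged after its first authentication keeps being seen as not quarantined. The column names, the use of SQLite in place of MySQL, the 30-minute re-authentication interval and the cache model itself are assumptions.

```python
import sqlite3

MAC = "aa:bb:cc:dd:ee:ff"  # constructed sample device

def make_db():
    # Constructed stand-in for the MySQL mac_address table (column names assumed).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mac_address (mac TEXT PRIMARY KEY, quarantined INTEGER NOT NULL)")
    db.execute("INSERT INTO mac_address VALUES (?, 0)", (MAC,))
    return db

class CachedQuarantineSource:
    """Simplified model of an auth source that caches the query result per MAC."""
    def __init__(self, db, cache_timeout_s):
        self.db = db
        self.cache_timeout_s = cache_timeout_s
        self._cache = {}  # mac -> (fetched_at, count)

    def lookup(self, mac, now):
        hit = self._cache.get(mac)
        if hit is not None and now - hit[0] < self.cache_timeout_s:
            return hit[1]  # served from cache, the database is not consulted
        (count,) = self.db.execute(
            "SELECT COUNT(*) FROM mac_address WHERE mac = ? AND quarantined = 1",
            (mac,),
        ).fetchone()
        self._cache[mac] = (now, count)
        return count

def stale_window(cache_timeout_s, reauth_interval_s=1800, horizon_s=12 * 3600):
    """Seconds from the quarantine flag being set until an auth first sees it."""
    db = make_db()
    src = CachedQuarantineSource(db, cache_timeout_s)
    src.lookup(MAC, now=0)  # first authentication caches count = 0
    quarantined_at = 60     # flag is set one minute later (simulated clock)
    db.execute("UPDATE mac_address SET quarantined = 1 WHERE mac = ?", (MAC,))
    for now in range(reauth_interval_s, horizon_s + 1, reauth_interval_s):
        if src.lookup(MAC, now) == 1:
            return now - quarantined_at
    return None  # never observed within the horizon

if __name__ == "__main__":
    for timeout in (36000, 3600, 300, 0):
        print(f"cache timeout {timeout:>5}s -> quarantine first seen after {stale_window(timeout)}s")
```

With a short or zero timeout the delay is bounded by the re-authentication interval; with the 10-hour value it is bounded by the cache.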