Actually, the answer is a little more
straightforward when Radius is involved. No package including Radius
should be reading from a flat file (cached or not). In the case of Radius,
the users file can quickly become a problem after a few thousand
users. With SQL, proper indexing can allow lookups to be
fairly fast, but even then, after a few hundred thousand users, SQL starts to
ache. LDAP, used as a general-purpose user/information store, was
designed to scale to literally millions of users, so it does well as a back-end
authentication source due to its scalability and speed (far faster than MySQL,
Postgres, or Oracle for that matter). SQL (MySQL for example) on the
other hand is quite nice for storing the Radius accounting data.
Read from LDAP and write to SQL.
Hmmmm....... A nice blend of technologies that excel in their
respective areas.
Our servers have run in this configuration almost
flawlessly (given a few DoS attacks) and auth users in a few seconds after
PPP negotiations.
