Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.0.0.AM25
-
None
-
None
Description
Once upon a time, when we were authenticating users, we were fetching the password from the backend, which was costly, beside checking that the entry existed (another lookup done on the backend).
The idea was to add a credential cache to avoid doing that repetitively.
The thing is that it's not anymore necessary because before doing any kind of password verification, we fetch the entire entry, including its password.
Still, we have kept the credential cache.
We can now remove it, which will incidentally remove a contention point (and the necessity of invalidating the cache when the entry was moved, renamed, or its password removed or modified).
An extra benefit is that we won't have a place in memory where the password will be stored for a long period of time...