> This morning I went ahead and tried the MFS idea.  So now
> *pwd.db.* files are created and stored in memory.  It was mentioned
> to me that this would be a security risk, if anyone on the system
> figured out how to read by accessing group kmem.  Are there any
IMHO mfs is a user process data (mount_mfs) not kmem.
> # time passwd marvelli
> Changing local password for marvelli.
> New password:
> Please enter a longer password.
> New password:
> Retype new password:
> date
>     6.59s real     3.43s user     1.44s system

it's still 6.58s too much
the right solution is to use database files directly and only change data
that were changed without rebuilding. "real" files should be generated
only in case of vipw.