Subject: Re: integrating PAM
To: None <email@example.com>
From: Ken Hornstein <firstname.lastname@example.org>
Date: 01/23/2003 13:33:53
>All PAM implementations I've seen are needlessly complex and difficult to
>modify and use in a large-ish environment. On a system with 40,000 busy user
>accounts, every PAM I've seen bogs down to the point where logins can time
>out before the PAM auth returns. Compiling out PAM support is kind of a pain.
So, what exactly was the back-end authentication system that PAM was
using in this case? I mean, I'm not saying PAM is perfect, but it's
really just a shim to some other kind of authentication system. I have
a hard time believing, for example, a PAM module that implemented
the traditional Unix /etc/passwd authentication would really impact
performace at all. And if it was something like LDAP ... is it PAM
that was at fault, or LDAP?