Subject: Re: PAM stinks
To: None <netbsd-advocacy@netbsd.org>
From: sudog <sudog@sudog.com>
List: netbsd-advocacy
Date: 10/03/2001 08:30:25

On Tuesday 02 October 2001 18:54, Miles Nordin wrote:
> > The mentioned installation could have used a standard text user-
> > /passwordfile.
>
> Or, a standard db(3) file, even.

Assuming you're talking about my installation, yes, I know that. It was 
still too slow on a dual Pentium II compared with direct access by the 
login/ftp/whatever software to be usable in that environment.

We also tried using the db files as well--rebuilding the DB file as often 
as we did because of all the password changes was difficult to say the 
least, and interfered with PAM's ability to use the db file effectively. 
Basically we had to wait for two or three hours while the db propagated to 
all the satellite authentication mechanisms.

A simple rsync on /etc/passwd and /etc/shadow, modifying the tech 
support's tools to access these in a queued, serial manner, and rebuilding 
telnetd/login/ftpd to access these directly was what worked. The PAM 
included with RedHat sucks (or sucked at any rate as of 6.2.) Period. And 
if I have to pare it down to the point where the only thing it's doing is 
accessing the flatfile /etc/passwd directly (which was still significantly 
slower than direct) then what's the point of that particular 
implementation of PAM to begin with?

And don't even get me started on what I needed to do to get Radiator 
running and integrated.