Subject: Re: PAM stinks
To: None <email@example.com>
From: sudog <firstname.lastname@example.org>
Date: 10/03/2001 08:30:25
On Tuesday 02 October 2001 18:54, Miles Nordin wrote:
> > The mentioned installation could have used a standard text user-
> > /passwordfile.
> Or, a standard db(3) file, even.
Assuming you're talking about my installation, yes, I know that. It was
still too slow on a dual Pentium II compared with direct access by the
login/ftp/whatever software to be usable in that environment.
We also tried using the db files as well--rebuilding the DB file as often
as we did because of all the password changes was difficult to say the
least, and interfered with PAM's ability to use the db file effectively.
Basically we had to wait for two or three hours while the db propagated to
all the satellite authentication mechanisms.
A simple rsync on /etc/passwd and /etc/shadow, modifying the tech
support's tools to access these in a queued, serial manner, and rebuilding
telnetd/login/ftpd to access these directly was what worked. The PAM
included with RedHat sucks (or sucked at any rate as of 6.2.) Period. And
if I have to pare it down to the point where the only thing it's doing is
accessing the flatfile /etc/passwd directly (which was still significantly
slower than direct) then what's the point of that particular
implementation of PAM to begin with?
And don't even get me started on what I needed to do to get Radiator
running and integrated.