[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: xlockmore (pam)



   Date: Mon, 9 Sep 1996 14:46:45 -0400 (EDT)
   From: Elliot Lee <sopwith@cuc.edu>

   Has anyone thought of the efficiency implications of this approach? Sure,
   I know Linux is supposed to be super-fast and all, but in My Real World
   (e.g. my 8M home machine ;-) spawning off processes left and right is
   probably not a good idea. As little overhead as possible should be
   dedicated to authentication - decreasing its speed and increasing its
   memory usage will slow down the system for this often-done operation. 
   After all, not everyone is running a Turing machine... 

Well, that's the advantage of PAM.  You make a separate PAM module which
runs the setuid process to validate a password, and only non-root
programs like xscreensaver would need to use this special module.
/etc/pam.conf allows you to configure which modules get used on a
per-application basis.

In any case, the process is spawned only once, and and then only for
non-root programs that need to validate the user's password --- which is
NOT happening all the time.  If you are constantly demanding that users
type in their password, there will be complaints, but it won't be
because of the extra time in spawning the process!  :-)

So, I doubt it will be a problem in real life.

						- Ted



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []