
Re: User "accounting" module

On Tue, 9 Sep 1997, Amos Shapira wrote:

> I was going to add PAM support to the cistron radius daemon when
> I found that the only way to authenticate a user is to call
> pam_start, which is very expensive.  Did you find another way to
> merge RADIUSD and PAM?

I am afraid that you don't have any alternative. PAM was intended in the
first place for applications that are authenticating users and then open a
session or things like that.

Now, Radius server is only authenticating users, so PAM is not _the best_
thing it could get. This is why I "managed" to stay away from PAMifying the
radius server for so long.

As for expensiveness, I had a radius server running on 48Meg P166 and
doing about 80 auth pamified radius per second, and it was not tuned for
speed yet.

So, basically, you can have a huge hope that PAM won't interfere too much
with RADIUS. But you'll have to make sure that you don't use expensive
time consuming modules for authentication. PAM as a thing doesn't take too
much time, and neither does the load and unload of modules - linux buffer
cache helps a lot - it is the time consuming modules that will make you
believe that PAM is slow on a decent machine.

I'll bet that you will get the same results by coding all the modules
inside RADIUS and skipping PAM.

Cristian Gafton,  /dev/soft/devel, /dev/sys/hack
Red Hat Software, Inc.         gafton@redhat.com
UNIX is user friendly. It's just selective about
who its friends are.
