[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

pam_pwdb slowdown



Has anyone looked into why using pam_pwdb with more than a few users
slows everything down?  I have an /etc/passwd file with under 3000 users
in it.  If I type 'su <username>', it takes about 4 seconds for the
Password: prompt to come up and about 6 seconds to get a prompt after
the password is entered.  And that is with the system mostly idle.

If I let my POP daemon use PAM with connections coming in at 40-60 a
minute, the server quickly falls over from the load.  If I recompile my
POP daemon without PAM support, it handles those connections with no
problems (this is cucipop).

I read that this is a known problem and to use pam_unix_auth instead,
but it doesn't seem to work for me for su.  My /etc/pam.d/su used to
look like:

#%PAM-1.0
auth       required	/lib/security/pam_wheel.so group=wheel use_uid
auth       required	/lib/security/pam_pwdb.so shadow nullok
auth       optional     /usr/local/lib/security/pam_mail.so nopen hash=2
auth       optional     /lib/security/pam_env.so
account    required	/lib/security/pam_pwdb.so
password   required	/lib/security/pam_cracklib.so
password   required	/lib/security/pam_pwdb.so shadow use_authtok nullok
session    required	/lib/security/pam_pwdb.so
session    required	/lib/security/pam_limits.so

and all I did was change

auth       required	/lib/security/pam_pwdb.so shadow nullok

to

auth       required	/lib/security/pam_unix_auth.so

Now, only if you are running su as root can you su to another user.
Only members of the wheel group can su to root (which is what I want),
but everyone else can't su to anyone.

-- 
Chris Adams - cadams@ro.com
System Administrator - Renaissance Internet Services
I don't speak for anybody but myself - that's enough trouble.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []