
Re: a few questions on implementation



Stephen Langasek writes:
> On Wed, 3 Feb 1999, Ben Collins wrote:
> 
> > I'm stuck on whether to use pam_pwdb as the default module as opposed
> > to the pam_unix_* modules. Obviously pam_pwdb has the advantage of
> > lifting suid root permissions from some binaries like xlock, as well as
> > making it easier for suid root svgalib programs to drop privileges
> > while still being able to authenticate users, such as vclock.
> 
> Personal opinion here, based on our own experiences at work and on
> comments from many other RedHat users, is that the pam_unix_* set would be
> a better choice for a default setup at this point.  pam_pwdb in its
> current form seems to have some serious performance problems when used on
> large user databases, and all in all doesn't seem to scale well ATM.

In particular, pam_pwdb doesn't use straight getsp{nam,ent}() calls
and so you can't switch to using nss_db /var/db/shadow.db when you
have lots of users.

--Malcolm

-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services


