Re: PAM, shadow using DBM files?

On Tue, Jul 25, 2000 at 09:00:02AM -0500, Scott Isaacson wrote:
> I administer a RedHat 6.2 system with about 6000 users.  Authentications are
> noticeably slow, with users toward the bottom of the passwd file often
> taking 15-20 seconds to authenticate via ipop3d.  I suspect the
> authentication mechanism itself because users toward the top of the passwd
> file will authenticate within 1 second.
> A theory I have is that hashing the passwd and shadow files, as on some
> commercial *nixes, would speed things up and solve the problem.  It looks
> like the capability to use DBM files is at least partially written into the
> shadow password package, but not enabled on the version distributed with
> RedHat 6.2.
> What do you think is the best way to solve the slow authentication problem?
> Is anyone using shadow passwords with the DBM files?  After quite a bit of
> searching and reading through archives, I've found a few mentions of the
> problem, but not a clear solution.  Can you point me toward any additional
> documentation on getting this to work with PAM on RH 6.2?

Look at /var/db/Makefile.  Notice also the 'db' option in
/etc/nsswitch.conf.  I grep for 'passwd' in the output of 'strings
/lib/libnss_db-2.1.2.so' and it returns /var/db/passwd.db.  I haven't
actually done this, but it should be doable.  I don't know about the
actual PAM part, though--possibly pam_userdb.so?

OTOH, you might consider using nss_ldap (w/pam_ldap) instead.

