[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM, shadow using DBM files?



On Tue, 25 Jul 2000, Scott Isaacson wrote:

> I administer a RedHat 6.2 system with about 6000 users.  Authentications are
> noticeably slow, with users toward the bottom of the passwd file often
> taking 15-20 seconds to authenticate via ipop3d.  I suspect the
> authentication mechanism itself because users toward the top of the passwd
> file will authenticate within 1 second.

> A theory I have is that hashing the passwd and shadow files, as on some
> commercial *nixes, would speed things up and solve the problem.  It looks
> like the capability to use DBM files is at least partially written into the
> shadow password package, but not enabled on the version distributed with
> RedHat 6.2.

Switching to DBM files would speed things up, but you'll find that simply
replacing the references to pam_pwdb.so in your PAM config files with
pam_unix.so will speed things up tremendously.  Our password file is about
9000 lines long at the moment, and we're able to continue using pam_unix for
authentication.

If you feel that authentication is still too slow, then yes, you can also use
NSS to tweak the back-end that pam_unix uses for authentication, using 'db' in
nsswitch.conf ahead of 'files'.  I doubt you'll need to go to the extra
effort, though.

HTH,
Steve Langasek
postmodern programmer



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []