Subject: Re: PAM pwcheck method ?
From: John Lockard (jlockard at umich dot edu)
Date: Thu May 08 2003 - 13:09:29 EDT
I had the same problem with memory leaks with saslauthd and pam.
I grabbed the current source from CVS and the problem is now
--On Thursday, May 08, 2003 11:21:25 AM -0400 Etienne Goyer
<etienne dot goyer at linuxquebec dot com> wrote:
> By error, I replied directly to M. Siemborski instead of the list. I am
> reposting my reply to the list in case someone would like to discuss
> further on the issue.
> On Tue, May 06, 2003 at 12:49:03PM -0400, Rob Siemborski wrote:
>> On Tue, 6 May 2003, Etienne Goyer wrote:
>> > I had been discussing outside the list with Michael Bacon of Duke about
>> > similar problems he had and he sent me a patch to add PAM as a pwcheck
>> > method to Cyrus-SASL. The patch applied and compiled without any
>> > problem. My preliminary tests were satisfying; the performance was
>> > correct and there was no leak or instability that I could find.
>> If you are able to use PAM successfully, why not just use PAM via
> I forgot to mention that I did try saslauthd with pam. It leaks memory
> too, but I have not investigated it yet.
> I am not a very experienced Unix system programmer, but I thought this
> was exactly the point of PAM: to provide authentication service to
> unprivileged programs. At least, when compiled against a patched SASL
> library, Cyrus imapd running as the unprivileged cyrus user gladly
> authenticates against PAM.
> In the end, I know my requirements do not dictate the Cyrus SASL
> development agenda, but I am stuck with either of two unsavory
> solutions: install a crontab that will restart saslauthd every hour or
> depend on a patch that may or may not work with future versions of the
> SASL library.
> The only real downside of supporting PAM as a pwcheck method seems to be
> code duplication. For the added benefit, I think it would be worth it.
> Etienne Goyer Linux Québec Technologies Inc.
> http://www.LinuxQuebec.com etienne dot goyer at linuxquebec dot com