Subject: Re: PAM pwcheck method ?
From: Etienne Goyer (etienne dot goyer at linuxquebec dot com)
Date: Thu May 08 2003 - 14:12:47 EDT
Thanks. I will be giving it a try soon.
On Thu, May 08, 2003 at 01:09:29PM -0400, John Lockard wrote:
> Hi Etienne,
> I had the same problem with memory leaks with saslauthd and pam.
> I grabbed the current source from CVS and the problem is now
> --On Thursday, May 08, 2003 11:21:25 AM -0400 Etienne Goyer
> <etienne dot goyer at linuxquebec dot com> wrote:
> > By error, I replied directly to M. Siemborski instead of the list. I am
> > reposting my reply to the list in case someone would like to discuss
> > further on the issue.
> > On Tue, May 06, 2003 at 12:49:03PM -0400, Rob Siemborski wrote:
> >> On Tue, 6 May 2003, Etienne Goyer wrote:
> >> > I had been discussing outside the list with Michael Bacon of Duke
> >> > about
> >> > similar problems he had and he sent me a patch to add PAM as a
> >> > pwcheck
> >> > method to Cyrus-SASL. The patch applied and compiled without any
> >> > problem. My preliminary test where satisfying; the performance was
> >> > correct and there was no leak or instability that I could find.
> >> If you are able to use PAM successfully, why not just use PAM via
> >> saslauthd?
> > I forgot to mention that I did try saslauthd with pam. It leak memory
> > too, but I have not investigated it yet.
> > I am not a very experienced Unix system programmer, but I thought this
> > was exactly the point of PAM : to provide authentication service to
> > unpriviledged program. At least, when compiled against a patched SASL
> > library, Cyrus imapd running as the unpriviledged cyrus user gladly
> > authenticate against PAM.
> > In the end, I know my requirements do not dictate Cyrus SASL
> > developpement agenda, but I am stuck with either of two unsavory
> > solution : install a crontab that will restart saslauthd every hour or
> > depend on a patch that may or may not work with future version of the
> > SASL librairy.
> > The only real downside of supporting PAM as a pwcheck method seem to be
> > code duplication. For the added benefit, I think it would be worth it.
> > Regards,
> > --
> > Etienne Goyer Linux Québec Technologies Inc.
> > http://www.LinuxQuebec.com etienne dot goyer at linuxquebec dot com
-- Etienne Goyer Linux Québec Technologies Inc. http://www.LinuxQuebec.com etienne dot goyer at linuxquebec dot com