Re: PAM pwcheck method ?


Subject: Re: PAM pwcheck method ?
From: Etienne Goyer (etienne dot goyer at linuxquebec dot com)
Date: Thu May 08 2003 - 14:12:47 EDT


Thanks. I will be giving it a try soon.

On Thu, May 08, 2003 at 01:09:29PM -0400, John Lockard wrote:
> Hi Etienne,
>
> I had the same problem with memory leaks with saslauthd and pam.
> I grabbed the current source from CVS and the problem is now
> fixed.
>
> --On Thursday, May 08, 2003 11:21:25 AM -0400 Etienne Goyer
> <etienne dot goyer at linuxquebec dot com> wrote:
>
> > By error, I replied directly to M. Siemborski instead of the list. I am
> > reposting my reply to the list in case someone would like to discuss
> > further on the issue.
> >
> > On Tue, May 06, 2003 at 12:49:03PM -0400, Rob Siemborski wrote:
> >> On Tue, 6 May 2003, Etienne Goyer wrote:
> >>
> >> > I had been discussing outside the list with Michael Bacon of Duke
> >> > about
> >> > similar problems he had and he sent me a patch to add PAM as a
> >> > pwcheck
> >> > method to Cyrus-SASL. The patch applied and compiled without any
> >> > problem. My preliminary test where satisfying; the performance was
> >> > correct and there was no leak or instability that I could find.
> >>
> >> If you are able to use PAM successfully, why not just use PAM via
> >> saslauthd?
> >
> > I forgot to mention that I did try saslauthd with pam. It leak memory
> > too, but I have not investigated it yet.
> >
> .
> .
> .
> >
> > I am not a very experienced Unix system programmer, but I thought this
> > was exactly the point of PAM : to provide authentication service to
> > unpriviledged program. At least, when compiled against a patched SASL
> > library, Cyrus imapd running as the unpriviledged cyrus user gladly
> > authenticate against PAM.
> >
> > In the end, I know my requirements do not dictate Cyrus SASL
> > developpement agenda, but I am stuck with either of two unsavory
> > solution : install a crontab that will restart saslauthd every hour or
> > depend on a patch that may or may not work with future version of the
> > SASL librairy.
> >
> > The only real downside of supporting PAM as a pwcheck method seem to be
> > code duplication. For the added benefit, I think it would be worth it.
> >
> > Regards,
> >
> > --
> > Etienne Goyer Linux Québec Technologies Inc.
> > http://www.LinuxQuebec.com etienne dot goyer at linuxquebec dot com
> >
>
>
>
>

-- 
Etienne Goyer                    Linux Québec Technologies Inc.
http://www.LinuxQuebec.com       etienne dot goyer at linuxquebec dot com







Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD