Hi list, I'm currently looking into future e-mail solutions for our university. We would like to use external authentication databases (LDAP in all probability) for user authentication. To me it seems that PAM is the best way to go to get all software to authenticate via any means you might want to, but none of the two solutions that we are testing so far support it. When I asked them why, one of the manufacturers replied that they had so far not included PAM support because all current PAM implementations were buggy in multi-threaded environments and tended to crash when working with large numbers of users. While I strongly doubt this statement, I have to admit I have yet to test PAM in an environment with as many users as our mailserver will have (~25,000 users). I am wondering if anybody on this list is using PAM on their SuSE boxes (or any other *NIX environment) for authentication (mail/ftp/whatever) with this number of users, or has had any negative experiences with this number of users and PAM. TIA Stefan
Hi List, Hi Stefean, I've no experiences programming with PAM myself, but I found a statement about MT-safeness within the manpages of our university's Solaris boxes: --cite-- [...] ATTRIBUTES See attributes(5) for description of the following attri- butes: ____________________________________________________________ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | |_____________________________|_____________________________| | MT Level | MT-Safe with exceptions | |_____________________________|_____________________________| SEE ALSO login(1), pam_authenticate(3), pam_chauthtok(3), pam_open_session(3), pam_set_item(3), pam_setcred(3), pam_sm(3), pam_start(3), pam_strerror(3), pam.conf(4), attributes(5) NOTES The interfaces in libpam() are MT-Safe only if each thread ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ within the multithreaded application uses its own PAM han- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ dle. ^^^^ SunOS 5.7 Last change: 13 Oct 1998 4 --cite-- I hope, that helps! Best regards, Jürgen Stefan Suurmeijer wrote:
Hi list,
I'm currently looking into future e-mail solutions for our university. We would like to use external authentication databases (LDAP in all probability) for user authentication. To me it seems that PAM is the best way to go to get all software to authenticate via any means you might want to, but none of the two solutions that we are testing so far support it. When I asked them why, one of the manufacturers replied that they had so far not included PAM support because all current PAM implementations were buggy in multi-threaded environments and tended to crash when working with large numbers of users. While I strongly doubt this statement, I have to admit I have yet to test PAM in an environment with as many users as our mailserver will have (~25,000 users). I am wondering if anybody on this list is using PAM on their SuSE boxes (or any other *NIX environment) for authentication (mail/ftp/whatever) with this number of users, or has had any negative experiences with this number of users and PAM.
TIA
Stefan
--------------------------------------------------------------------- Jürgen Ellinger Siemensstraße 44 88250 Weingarten e-mail: ellinger@informatik.uni-tuebingen.de ellinger@student.uni-tuebingen.de
participants (2)
-
Jürgen Ellinger
-
Stefan Suurmeijer