Need for pop3d processes on Solaris 10 to scan /etc/passwd and /etc/group, twice ?
Eric.Luyten at vub.ac.be
Tue Oct 6 10:19:59 EDT 2009
We migrated a single-server Cyrus from Solaris 9 to Solaris 10
early last week, jumping from 2.2.13 to 2.3.15 in the process.
All runs pretty well, save for a huge number of authentication
failures when the system is under less-than-trivial load.
cyrus-sasl-2.1.23 was compiled with -D_REENTRANT compiler flag
and started with '-a shadow' authentication mechanism.
When truss-ing ("tracing") one of the pop3 processes, we can
observe two scans of /etc/passwd and /etc/group
Question : at which stage would a Cyrus pop3d process need to
obtain information from the /etc/passwd and /etc/group files,
since it does not need to set euid or egid nor perform authen-
tication by its own, since that's handled by saslauthd (easily
verifiable by halting the running saslauthd, which makes all
POP and IMAP authentication attempts fail) ?
All hints very welcome,
Eric Luyten, Computing Centre VUB/ULB.
More information about the Info-cyrus