saslauthd performance anxiety

Paul M Fleming pfleming at siumed.edu
Fri Jan 10 11:55:37 EST 2003


Good point.. I don't have to store the cleartext version in order to do
the compare.. if i save the hash and just hash what the user submits and
compare them that would be sufficient.. just have to keep the cleartext
password long enough to do an actual authentication if need be.. 


Jeremy Rumpf wrote:
> 
> I always hashed the password as soon as they entered the cache. So the
> checkpoint dump would contain binary MD5, SHA hashes etc. They're not clear
> text per say, but I can see why some would not find even that ideal.
> 
> Cheers,
> Jeremy
> 
> On Friday 10 January 2003 11:07 am, Paul M Fleming wrote:
> > Personally I have issues with dumping the contents of a password cache
> > to a file. Especially in this case, they WILL be stored in cleartext. I
> > had planned on keeping somes stats (hits,misses,etc)
> >
> > Jeremy Rumpf wrote:
> > > > This whole idea sounds great, especially as I'd expect a lot of the
> > > > authentication load to come from a small number of users with their
> > > > clients set to check mail every few minutes.
> > > >
> > > > For debugging it would help if there was a way to force a flush of the
> > > > entire cache, and one to dump its contents. I'm not sure how you'd get
> > > > saslauthd to recognise maintenance commands like this - maybe some
> > > > method of "out-of-band signalling", which seems better than tinkering
> > > > with the socket protocol.
> > > >
> > > > --
> > > > Simon Brady                             mailto:simon.brady at otago.ac.nz
> > > > ITS Technical Services
> > > > University of Otago, Dunedin, New Zealand
> > >
> > > How about SIGUSR1 and SIGUSR2?
> > >
> > > Cheers,
> > > Jeremy




More information about the Info-cyrus mailing list