Need for pop3d processes on Solaris 10 to scan /etc/passwd and /etc/group, twice ?

Simon Matter simon.matter at invoca.ch
Tue Oct 6 10:59:00 EDT 2009


> Folks,
>
>
> We migrated a single-server Cyrus from Solaris 9 to Solaris 10
> early last week, jumping from 2.2.13 to 2.3.15 in the process.
>
> All runs pretty well, save for a huge number of authentication
> failures when the system is under less-than-trivial load.
>
> cyrus-sasl-2.1.23 was compiled with -D_REENTRANT compiler flag
> and started with '-a shadow' authentication mechanism.
>
> When truss-ing ("tracing") one of the pop3 processes, we can
> observe two scans of /etc/passwd and /etc/group
>
> Question : at which stage would a Cyrus pop3d process need to
> obtain information from the /etc/passwd and /etc/group files,
> since it does not need to set euid or egid nor perform authen-
> tication by its own, since that's handled by saslauthd (easily
> verifiable by halting the running saslauthd, which makes all
> POP and IMAP authentication attempts fail) ?
>
>
> All hints very welcome,

Doesn't it use /etc/passwd and /etc/group for doing unix-style 
authorization like checking ACL's on (shared) folders? Saslauthd is only
used for authentication, isn't it?

Regards,
Simon



More information about the Info-cyrus mailing list