Need for pop3d processes on Solaris 10 to scan /etc/passwd and /etc/group, twice ?

Eric Luyten Eric.Luyten at vub.ac.be
Wed Oct 7 11:58:48 EDT 2009


On Tue, October 6, 2009 4:59 pm, Simon Matter wrote:

[me]
>> We migrated a single-server Cyrus from Solaris 9 to Solaris 10
>> early last week, jumping from 2.2.13 to 2.3.15 in the process.
>>
>> All runs pretty well, save for a huge number of authentication
>> failures when the system is under less-than-trivial load.
>>
>> cyrus-sasl-2.1.23 was compiled with -D_REENTRANT compiler flag and started
>> with '-a shadow' authentication mechanism.
>>
>> When truss-ing ("tracing") one of the pop3 processes, we can
>> observe two scans of /etc/passwd and /etc/group
>>
>> Question : at which stage would a Cyrus pop3d process need to
>> obtain information from the /etc/passwd and /etc/group files, since it does
>> not need to set euid or egid nor perform authentication by its own, since
>> that's handled by saslauthd (easily verifiable by halting the running
>> saslauthd, which makes all POP and IMAP authentication attempts fail) ?

>
> Doesn't it use /etc/passwd and /etc/group for doing unix-style
> authorization like checking ACLs on (shared) folders?

Simon,


Copy that.
This is the 'unix_group_enable' in imapd.conf, which defaults to '1' = 'on'


> Saslauthd is only used for authentication, isn't it?

Correct.


Eric.





More information about the Info-cyrus mailing list