I've inherited a setup with authentication information on a local freeradius 1.0.5 server and OpenLDAP (with pthreads) configured to authenticate to SASL (v1 interface), which in turn uses PAM, which in turn is configured to check passwords with pam_radius_auth 1.3.16. All of this is on Linux RHEL3.

This setup regularly fails under any sort of concurrency. Threading issues seem one likely reason. pam_radius_auth.c hasn't been touched in a while and hasn't had the same attention to thread safety as the core freeradius code.

Has anyone else been down the road of cleaning up the calls to gethostbyname, variable scoping, etc? I know enough to recognize the problem, but don't really trust myself to fix it.

Obvious workarounds for me include switching from SASL1/PAM to SASL2 and saslauthd; de-threading OpenLDAP (ick); or migrating the authoritative password store out of Radius entirely. But all of these have performance or operational issues here. I'd really like to get pam_radius_auth working as my predecessors (wrongly) thought it would.