pam_radius_auth threading issues
Rich Graves
rcgraves at gmail.com
Mon Oct 3 19:00:27 CEST 2005
I've inherited a setup with authentication information on a local freeradius
1.0.5 server and OpenLDAP (with pthreads) configured to authenticate to SASL
(v1 interface), which in turn uses PAM, which in turn is configured to check
passwords with pam_radius_auth 1.3.16. All of this is on Linux RHEL3.
This setup regularly fails under any sort of concurrency. Threading issues
seem one likely reason. pam_radius_auth.c hasn't been touched in a while and
hasn't had the same attention to thread safety as the core freeradius code.
Has anyone else been down the road of cleaning up the calls to
gethostbyname, variable scoping, etc? I know enough to recognize the
problem, but don't really trust myself to fix it.
Obvious workarounds for me include switching from SASL1/PAM to SASL2 and
saslauthd; de-threading OpenLDAP (ick); or migrating the authoritative
password store out of Radius entirely. But all of these have performance or
operational issues here. I'd really like to get pam_radius_auth working as
my predecessors (wrongly) thought it would.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051003/65125973/attachment.html>
More information about the Freeradius-Users
mailing list