[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: non-root password lookups?

On Tue, 19 Jan 1999, Chris wrote:

> Well...then the query is at your control - and if you make a single
> query take a full second (or more) then it will take a very long time
> to brute force anything (and thats assuming there is no logging).

That doesn't solve the problem, merely slow it down.

On the subject of rpc.pwdauthd (Solaris' daemon): it makes for one heck of
a bottleneck on a mail server responding to 10-15 POP3 connections per
second - rpc.pwdauthd starts sucking up huge amounts of CPU time, and you
start getting lots of RPC timeouts.  It also uses STREAMS plus some variant
of LOCAL_CREDS to "prove" the daemon is alright.  More on this in my next


Reply to: