Re: non-root password lookups?
On Tue, 19 Jan 1999, Chris wrote:
> Well...then the query is at your control - and if you make a single
> query take a full second (or more) then it will take a very long time
> to brute force anything (and thats assuming there is no logging).
That doesn't solve the problem, merely slow it down.
On the subject of rpc.pwdauthd (Solaris' daemon): it makes for one heck of
a bottleneck on a mail server responding to 10-15 POP3 connections per
second - rpc.pwdauthd starts sucking up huge amounts of CPU time, and you
start getting lots of RPC timeouts. It also uses STREAMS plus some variant
of LOCAL_CREDS to "prove" the daemon is alright. More on this in my next