[squid-users] Re: Pam_auth eats my cpu!

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 12 Feb 2002 12:12:36 +0100

I have tried everything I can think of, but I cannot reproduce your

I have tested the pam_auth module on RedHat-7.2 using Squid-2.5 and
the following PAM configurations:

auth required /lib/security/pam_unix.so shadow nullok
account required /lib/security/pam_unix.so


auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth

where system-auth looks like
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so
[... password and session cut away for readability]

On your request I have also tested with a bare pam_auth.so

auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so

and in all cases it seems to work flawlessly.

Relevant system packages on the test machine (RedHat-7.2 based):


# This is the configuration file for the pwdb library




passwd: files nisplus
shadow: files nisplus
group: files nisplus

NIS not running.

All passwords in /etc/shadow

Maybe some hint can be provided by strace

   strace -p <pid_of_a_pam_auth_helper>

As you say it seems to be related to the account stage you can
disable this in pam_auth-2.0 by using the commandline option -o

To get a full list of commandline options in pam_auth-2.0 run
"pam_auth -h". Not all are documented in the man page yet.

Henrik Nordström

On Monday 11 February 2002 07.19, Ian McDonald wrote:
> Henrik,
> I am having great difficulty getting pam_auth to do anything other
> than use two processes to consume about 48% of the cpu each. Squid
> seems to use the rest of the cpu.
> I am currently using RedHat 7.2 but saw the same problem under 7.1.
> /etc/pam.d/squid contains:
> auth required /lib/security/pam_unix.so
> account required /lib/security/pam_unix.so
> I have installed pam_auth-2.0 but had the same problem with the
> pam_auth that came with RH 7.1 and 7.2.
> I have searched the web for similar problems at other sites and
> only found one. He solved his problem by installing squid_auth
> from conectiva. I would rather fix the problem I have because I am
> trying to mimic an older working RedHat system before I upgrade it.
> I can run pam_auth interactively as either root or a non-privileged
> user and it produces the correct results (pam_auth is suid root).
> If I have just the auth line in the conf file above I don't have
> the problem with the cpu being used up, but then, I don't get
> authorised either :-(
> It appears that the problem is associated with the account line in
> the conf file but I don't have enough Linux experience to take this
> any further.
> I am at my wits end. Do you have any suggestions?
> Thank you in anticipation,
> Ian McDonald

MARA Systems AB, Giving you basic free Squid support
Customized solutions, packaged solutions and priority support
available on request
Received on Tue Feb 12 2002 - 04:21:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:13 MST