Norbert Kottmann writes:
HiSimple question: Is it possible to use authpam directly as authentication module in imap and pop3 daemons instead of authdaemon which calls then authdaemond and after that authpam?
Anything is possible if you write the code to do it.
We are using courier-0.47 on Debian sarge.
Actually, this is a prehistoric version of Courier where this is still possible, but nobody really cares about spending time on this ancient dinosaur any more; and, in any case, you will need to recompile it.
We also found by debugging that authdaemond.c select call only reacts these 150 events. So there must be an error in the socket communication from authdaemon to authdaemond.
You should also find a brief mention in INSTALL that when the volume of authentication requests begins overloading authdaemon, you simply need to increase the number of concurrent processes, using the authdaemonrc configuration file.
By debugging the stacktrace of courierauthtest we found exactly the missing requets. They all produced:connect(3, {sa_family=AF_FILE, path="/var/run/courier/authdaemon/ socket"}, 110) = -1 EAGAIN (Resource temporarily unavailable)
The connect(2) man page explains it all for you:
EAGAIN No more free local ports or insufficient entries in the routing
cache. For PF_INET see the net.ipv4.ip_local_port_range sysctl
in ip(7) on how to increase the number of local ports.
You have exceeded the maximum limits of your kernel configuration.
pgpv0yW00fT0T.pgp
Description: PGP signature
