Why "external‐mt"?

Marc Huber edited this page Nov 9, 2023 · 3 revisions

Why "external‐mt"? In short: it's suitable for Duo ...

In earlier times, performing an authentication was close to zero-delay. You'd just ask your local authentication service to validate a password and get an instant reply.

Times have changed, and the "local service" might now be augmented by a "cloud service" which requires some secondary user interaction, e.g. by confirming a push message on a mobile device.

The original external module didn't consider that use case. While it can run multiple child processes in parallel, the number of those processes is limited, so unconfirmed cloud logins can tie up those child processes.

This is where the external-mt module comes into play. It interfaces with the pammavis-mt, radmavis-mt and ldapmavis-mt backends, which handle multiple requests in parallel via POSIX threads. That's where -mt comes from: multi-threaded.

If you're using something like Cisco Duo, external-mt is the way to go.
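The effect described above can be put into numbers with a small scheduling model. This is an added example, not code from the project: it models only how requests are dispatched, not the MAVIS protocol, and the pool size of 4, the 60-second push timeout and the 50 ms password check are constructed values.

```python
import heapq

PUSH_TIMEOUT_MS = 60_000   # assumed: how long an unconfirmed push login is held open
PASSWORD_MS = 50           # assumed: duration of a plain password check

def completion_times(requests, workers=None):
    """Return the finish time (ms) of each request.

    requests: list of (arrival_ms, service_ms), sorted by arrival.
    workers:  size of a fixed pool of backend processes served in FIFO
              order, or None for one thread per request.
    """
    if workers is None:
        # Thread per request: nobody waits for a free worker.
        return [arrival + service for arrival, service in requests]
    free_at = [0] * workers          # min-heap: when each worker is idle again
    heapq.heapify(free_at)
    finished = []
    for arrival, service in requests:
        # The request starts once it has arrived AND a worker is free.
        start = max(arrival, heapq.heappop(free_at))
        heapq.heappush(free_at, start + service)
        finished.append(start + service)
    return finished

def latency_of_last(requests, workers=None):
    """Time the last request spends between arrival and completion."""
    arrival, _ = requests[-1]
    return completion_times(requests, workers)[-1] - arrival

# Constructed workload: four push logins that are never confirmed,
# followed one second later by an ordinary password login.
WORKLOAD = [
    (0,    PUSH_TIMEOUT_MS),
    (100,  PUSH_TIMEOUT_MS),
    (200,  PUSH_TIMEOUT_MS),
    (300,  PUSH_TIMEOUT_MS),
    (1000, PASSWORD_MS),
]

if __name__ == "__main__":
    print("pool of 4 processes:", latency_of_last(WORKLOAD, workers=4), "ms")
    print("thread per request :", latency_of_last(WORKLOAD), "ms")
```

With the fixed pool, the password login waits until the first pending push times out; with per-request threads it completes in its own 50 ms.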