On Sun, Nov 13, 2005 at 08:41:21PM -0500, William Yang wrote:
> >>just curious, but why not use 'net-www/mod_auth_mysql' and store your
> >>users in a MySQL DB?
> >Because I want a single place for storing users that all services will
> >auth against, which also means ssh and so forth. I know that pam_mysql
> >will bring me most of the way, but I have my doubts about using
> >nss_mysql (which is also not in Portage). Call me crazy, but I neither
> >trust the security nor stability of mysql :)
> >Plus I already have experience with LDAP...
> I run a production ISP environment--http/ftp, e-mail, limited user
> shells, RADIUS dialup auth--using pam_mysql, and have for more than a
> year. There have been no stability issues and, to date, no security
> problems that we've detected.
> The biggest problem has to do with performance, which nscd was excellent
> for. NSCD does odd things when the MySQL queries return numbers
> significantly smaller than the number of rows in the user auth tables --
> I found that it would periodically just crash when I had disabled or
> locked-out accounts. A daemon which checks and restarts core services
19 |
> was all I needed to take care of it, though. |
20 |
|
21 |
If you have daemons that crash periodically and needs to be restarted, I |
22 |
would say that counts as stability issues. At least it does in my book. |
23 |
|
24 |
But if you can live with it, then it's all good. I prefer the stability |
of LDAP however :)

--
Anders
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y?
------END GEEK CODE BLOCK------
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0
--
gentoo-security@g.o mailing list