Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: William Yang <wyang@...>
Subject: Re: Advice about security solution
Date: Sun, 13 Nov 2005 20:41:21 -0500
Anders Bruun Olsen wrote:
> On Wed, Nov 09, 2005 at 05:30:28PM -0500, xyon wrote:
> 
>>just curious, by why not use 'net-www/mod_auth_mysql' and store your
>>users in a MySQL DB?
> 
> 
> Because I want a single place for storing users that all services will
> auth against, which also means ssh and so forth. I know that pam_mysql
> will bring me most of the way, but I have my doubts about using
> nss_mysql (which is also not in Portage). Call me crazy, but I neither
> trust the security nor stability of mysql :)
> Plus I already have experience with LDAP...
> 

I run a production ISP environment--http/ftp, e-mail, limited user 
shells, RADIUS dialup auth--using pam_mysql, and have for more than a 
year.  There have been no stability issues and, to date, no security 
problems that we've detected.

The biggest problem has to do with performance, which nscd was excellent 
for.  NSCD does odd things when the MySQL queries return numbers 
significantly smaller than the number of rows in the user auth tables -- 
I found that it would periodically just crash when I had disabled or 
locked-out accounts.  A daemon which checks and restarts core services 
was all I needed to take care of it, though.

	-Bill
-- 
gentoo-security@g.o mailing list


Replies:
Re: Advice about security solution
-- Anders Bruun Olsen
References:
Re: Advice about security solution
-- Anders Bruun Olsen
Re: Advice about security solution
-- xyon
Re: Advice about security solution
-- Anders Bruun Olsen
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Advice about security solution
Next by thread:
Re: Advice about security solution
Previous by date:
Re: gpg-agent not setting environment correctly.
Next by date:
Re: Advice about security solution


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.