| 1 |
Anders Bruun Olsen wrote: |
| 2 |
> On Wed, Nov 09, 2005 at 05:30:28PM -0500, xyon wrote: |
| 3 |
> |
| 4 |
>>just curious, by why not use 'net-www/mod_auth_mysql' and store your |
| 5 |
>>users in a MySQL DB? |
| 6 |
> |
| 7 |
> |
| 8 |
> Because I want a single place for storing users that all services will |
| 9 |
> auth against, which also means ssh and so forth. I know that pam_mysql |
| 10 |
> will bring me most of the way, but I have my doubts about using |
| 11 |
> nss_mysql (which is also not in Portage). Call me crazy, but I neither |
| 12 |
> trust the security nor stability of mysql :) |
| 13 |
> Plus I already have experience with LDAP... |
| 14 |
> |
| 15 |
|
| 16 |
I run a production ISP environment--http/ftp, e-mail, limited user |
| 17 |
shells, RADIUS dialup auth--using pam_mysql, and have for more than a |
| 18 |
year. There have been no stability issues and, to date, no security |
| 19 |
problems that we've detected. |
| 20 |
|
| 21 |
The biggest problem has to do with performance, which nscd was excellent |
| 22 |
for. NSCD does odd things when the MySQL queries return numbers |
| 23 |
significantly smaller than the number of rows in the user auth tables -- |
| 24 |
I found that it would periodically just crash when I had disabled or |
| 25 |
locked-out accounts. A daemon which checks and restarts core services |
| 26 |
was all I needed to take care of it, though. |
| 27 |
|
| 28 |
-Bill |
| 29 |
-- |
| 30 |
gentoo-security@g.o mailing list |
Archives