Anders Bruun Olsen wrote:
> On Wed, Nov 09, 2005 at 05:30:28PM -0500, xyon wrote:
>
>>just curious, but why not use 'net-www/mod_auth_mysql' and store your
>>users in a MySQL DB?
>
>
> Because I want a single place for storing users that all services will
> auth against, which also means ssh and so forth. I know that pam_mysql
> will bring me most of the way, but I have my doubts about using
> nss_mysql (which is also not in Portage). Call me crazy, but I neither
> trust the security nor stability of mysql :)
> Plus I already have experience with LDAP...
>

I run a production ISP environment--http/ftp, e-mail, limited user
shells, RADIUS dialup auth--using pam_mysql, and have for more than a
year. There have been no stability issues and, to date, no security
problems that we've detected.

The biggest problem has to do with performance, which nscd was excellent
for. NSCD does odd things when the MySQL queries return numbers
significantly smaller than the number of rows in the user auth tables --
I found that it would periodically just crash when I had disabled or
locked-out accounts. A daemon which checks and restarts core services
was all I needed to take care of it, though.

-Bill
--
gentoo-security@g.o mailing list