Anders Bruun Olsen wrote:
> On Wed, Nov 09, 2005 at 05:30:28PM -0500, xyon wrote:
>
>>just curious, but why not use 'net-www/mod_auth_mysql' and store your
>>users in a MySQL DB?
>
>
> Because I want a single place for storing users that all services will
> auth against, which also means ssh and so forth. I know that pam_mysql
> will bring me most of the way, but I have my doubts about using
> nss_mysql (which is also not in Portage). Call me crazy, but I neither
> trust the security nor stability of mysql :)
> Plus I already have experience with LDAP...
>
I run a production ISP environment--http/ftp, e-mail, limited user
shells, RADIUS dialup auth--using pam_mysql, and have for more than a
year. There have been no stability issues and, to date, no security
problems that we've detected.
The biggest problem has to do with performance, which nscd was excellent
for. NSCD does odd things when the MySQL queries return numbers
significantly smaller than the number of rows in the user auth tables --
I found that it would periodically just crash when I had disabled or
locked-out accounts. A daemon which checks and restarts core services
was all I needed to take care of it, though.
-Bill
--
gentoo-security@g.o mailing list