Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Anders Bruun Olsen <anders@...>
Subject: Re: Advice about security solution
Date: Tue, 15 Nov 2005 12:36:53 +0100
On Sun, Nov 13, 2005 at 08:41:21PM -0500, William Yang wrote:
> >>just curious, by why not use 'net-www/mod_auth_mysql' and store your
> >>users in a MySQL DB?
> >Because I want a single place for storing users that all services will
> >auth against, which also means ssh and so forth. I know that pam_mysql
> >will bring me most of the way, but I have my doubts about using
> >nss_mysql (which is also not in Portage). Call me crazy, but I neither
> >trust the security nor stability of mysql :)
> >Plus I already have experience with LDAP...
> I run a production ISP environment--http/ftp, e-mail, limited user 
> shells, RADIUS dialup auth--using pam_mysql, and have for more than a 
> year.  There have been no stability issues and, to date, no security 
> problems that we've detected.
> The biggest problem has to do with performance, which nscd was excellent 
> for.  NSCD does odd things when the MySQL queries return numbers 
> significantly smaller than the number of rows in the user auth tables -- 
> I found that it would periodically just crash when I had disabled or 
> locked-out accounts.  A daemon which checks and restarts core services 
> was all I needed to take care of it, though.

If you have daemons that crash periodically and needs to be restarted, I
would say that counts as stability issues. At least it does in my book.

But if you can live with it, then it's all good. I prefer the stability
of LDAP however :)

-- 
Anders
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y?
------END GEEK CODE BLOCK------
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0
-- 
gentoo-security@g.o mailing list


References:
Re: Advice about security solution
-- Anders Bruun Olsen
Re: Advice about security solution
-- xyon
Re: Advice about security solution
-- Anders Bruun Olsen
Re: Advice about security solution
-- William Yang
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Advice about security solution
Next by thread:
Re: Advice about security solution
Previous by date:
Re: Advice about security solution
Next by date:
PAM/passwd? and hash tables


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.