Gentoo Archives: gentoo-security

From: William Yang <wyang@××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Advice about security solution
Date: Mon, 14 Nov 2005 01:46:28
In Reply to: Re: [gentoo-security] Advice about security solution by Anders Bruun Olsen
Anders Bruun Olsen wrote:
> On Wed, Nov 09, 2005 at 05:30:28PM -0500, xyon wrote:
>
>>just curious, but why not use 'net-www/mod_auth_mysql' and store your
>>users in a MySQL DB?
>
> Because I want a single place for storing users that all services will
> auth against, which also means ssh and so forth. I know that pam_mysql
> will bring me most of the way, but I have my doubts about using
> nss_mysql (which is also not in Portage). Call me crazy, but I neither
> trust the security nor stability of mysql :)
> Plus I already have experience with LDAP...
>

I run a production ISP environment--http/ftp, e-mail, limited user shells, RADIUS dialup auth--using pam_mysql, and have for more than a year. There have been no stability issues and, to date, no security problems that we've detected.

The biggest problem has to do with performance, which nscd was excellent for. NSCD does odd things when the MySQL queries return numbers significantly smaller than the number of rows in the user auth tables -- I found that it would periodically just crash when I had disabled or locked-out accounts. A daemon which checks and restarts core services was all I needed to take care of it, though.

-Bill
--
gentoo-security@g.o mailing list

