
Re: Admin for E-MAIL users only



On Sat, 2002-07-06 at 22:19, Craig Sanders wrote:

> > But if you configure files lookups before db lookups the uid 0 entry in
> > LDAP or SQL would never be used right?  Snippet from /etc/nsswitch.conf:
> > passwd:         files mysql
> > shadow:         files mysql
> > group:          files mysql
> 
> nope.
> 
> any account with uid=0 is root.  you can have multiple uid=0 accounts
> in /etc/passwd or in mysql or anywhere else the system is configured to
> get auth info from.

Right, I feel silly now :-)


> 1. use a decent database like postgres rather than a toy like mysql and
> set a trigger to prevent creation of records in your accounts table

I have heard it said that SQL databases in general are just interfaces
to files for people that don't know how to program ... I don't agree
with that, or your statement.

MySQL is very robust, very easy to use and supports 95% of the features
I've ever needed.  Subselects are the one that I do consider a PITA and
they are going to be supported in the near future.

I have seen postgres systems that eat disk space like candy, needing
vacuumdb (?) run frequently to keep it under control.  I've seen
corruption much more often than I'd care to as well.  Things like
dropping a table, then later when you try to recreate it, it is claimed to
exist, try to drop again, it doesn't exist, try to add it, etc.

In cases where transaction support, triggers and other such things are
truly needed I wouldn't feel comfortable with either MySQL or
PostgreSQL.


> 2. use PAM rather than nsswitch modules - that way you can configure
> which services will get acct info from the database.  e.g. your MTA,
> local delivery agent, pop & imap daemons but NOT login, ssh, telnet,
> ftp, or anything else.

Good point!


Fraser
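
The point made in the quoted exchange above, that listing `files` before `mysql` does not stop a uid 0 record in the database from being root, shown as an added example that is not part of the original message: a small model of name-based lookup in source order, plus an audit for reachable uid 0 entries. The account entries are constructed sample data, and `getpwnam` here is a simplified stand-in for the libc call.

```python
# Added example. Sample entries are constructed, not taken from the thread.
SOURCES = {
    "files": [
        "root:x:0:0:root:/root:/bin/bash",
        "mail:x:8:8:mail:/var/mail:/bin/sh",
    ],
    "mysql": [
        "alice:x:5001:5001:Alice:/home/vmail/alice:/bin/false",
        "mailadmin:x:0:0:Mail admin:/home/vmail:/bin/sh",  # uid 0, new name
        "root:x:0:0:second root:/tmp:/bin/sh",              # shadowed by files
    ],
}
ORDER = ["files", "mysql"]  # mirrors "passwd: files mysql"


def parse(line):
    """Split one passwd-format line into the fields used below."""
    name, _pw, uid, gid, _gecos, _home, shell = line.split(":")
    return {"name": name, "uid": int(uid), "gid": int(gid), "shell": shell}


def getpwnam(name, order=ORDER, sources=SOURCES):
    """Lookup is by name: the first source that knows the name answers."""
    for src in order:
        for line in sources.get(src, []):
            entry = parse(line)
            if entry["name"] == name:
                return src, entry
    return None


def reachable_uid0(order=ORDER, sources=SOURCES):
    """Every uid 0 entry that a name lookup can actually return."""
    seen, hits = set(), []
    for src in order:
        for line in sources.get(src, []):
            entry = parse(line)
            if entry["name"] in seen:
                continue  # an earlier entry with this name wins
            seen.add(entry["name"])
            if entry["uid"] == 0:
                hits.append((src, entry["name"]))
    return hits


def unexpected_uid0(order=ORDER, sources=SOURCES):
    """Audit result: uid 0 accounts other than root from local files."""
    return [h for h in reachable_uid0(order, sources) if h != ("files", "root")]


if __name__ == "__main__":
    for src, name in unexpected_uid0():
        print(f"uid 0 account {name!r} is served from {src}")
```

Source order only protects names that already exist in an earlier source; any other name carrying uid 0 is still returned, which is why the audit keys on uid rather than on the name `root`.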

