Re: Password file with over 3000 users.

--On September 18, 2007 5:19:15 PM +0200 Ian <iforbes@zsd.co.za> wrote:

> Hi All
>
> I have a server which runs with normal passwd/shadow/group/gshadow
> files. There are now over 3000 users and I am beginning to notice a
> performance slowdown and it is about time I looked for something more
> efficient - I like the idea of db or cdb database files.

You've got two issues to solve here. For authentication you actually have more options than for UID/Groups mapping, which is controlled by the name service switch library, libnss. LDAP can solve both using libnss-ldap, modifying /etc/ldap.conf and /etc/nsswitch.conf and then importing your passwd file into LDAP. That's actually what we use here, though we modified the 'stock' LDAP configuration to allow a substr index on one of the fields that normally isn't allowed by the LDAP schema. It was causing the LDAP servers to thrash. The solution is seamless to the users; the LDAP system supports crypt or md5 based passwords as normal since the password calls, etc., are all handled via the normal pam_unix library via libnss, which is exactly how it does it anyway. The only difference is where it's obtaining the users.

There also might be a way (and I haven't looked into this) to get Linux to use a GDB/BDB passwd.db like the *BSDs do.

> My requirements:
>
> - Must be pam compatible.
>
> - Most users have MD5 passwords, but some are still crypt passwords. I
> do not have ready access to the original plain text passwords.
>
> - I don't want to mess around with too much, so I must have real "Unix
> accounts" (UID's and home directories) for each user.
>
> - Vanilla Debian "deb" packages.
>
> What alternatives should I consider?



Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting
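
The "importing your passwd file into LDAP" step from the reply above, sketched as an added example (not code from the original post or from the poster's setup): it converts passwd/shadow lines into RFC 2307 `posixAccount` entries and carries the existing MD5 and crypt hashes over under the `{CRYPT}` scheme, so no plaintext passwords are needed. The base DN, the UID cut-off and the sample accounts and hashes are assumptions constructed for illustration.

```python
"""Added example: turn passwd/shadow lines into RFC 2307 LDIF, keeping existing hashes."""
BASE_DN = "ou=People,dc=example,dc=com"  # assumption: placeholder directory suffix
MIN_UID = 1000  # assumption: lower UIDs are system accounts and stay in local files

# Constructed sample input; the hash strings are fake, not real crypt(3) output.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice Example,,,:/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/sh
carol:x:1003:1003:Carol:/home/carol:/bin/bash
"""
SHADOW = """\
alice:$1$FAKESALT$aaaaaaaaaaaaaaaaaaaaaa:13700:0:99999:7:::
bob:ab01FAKEHASH9:13700:0:99999:7:::
carol:!:13700:0:99999:7:::
"""

def shadow_hashes(shadow_text):
    """Map login name to the password field of shadow-format text."""
    fields = (l.split(":") for l in shadow_text.splitlines() if l.strip())
    return {f[0]: f[1] for f in fields}

def to_ldif(passwd_text, shadow_text, base_dn=BASE_DN, min_uid=MIN_UID):
    """Return LDIF for every passwd entry with uid >= min_uid (ASCII input assumed)."""
    hashes = shadow_hashes(shadow_text)
    entries = []
    for line in filter(str.strip, passwd_text.splitlines()):
        name, _, uid, gid, gecos, home, shell = line.split(":")
        if int(uid) < min_uid:
            continue
        attrs = [("dn", f"uid={name},{base_dn}"),
                 ("objectClass", "account"),
                 ("objectClass", "posixAccount"),
                 ("objectClass", "shadowAccount"),
                 ("uid", name),
                 ("cn", gecos.split(",")[0] or name),  # cn is mandatory
                 ("uidNumber", uid), ("gidNumber", gid),
                 ("homeDirectory", home), ("loginShell", shell)]
        pw = hashes.get(name, "")
        # MD5 ($1$...) and DES hashes are both handed to crypt(3) via {CRYPT},
        # so no plaintext is needed. Locked or empty fields get no userPassword.
        if pw and pw[0] not in "!*":
            attrs.append(("userPassword", "{CRYPT}" + pw))
        entries.append("\n".join(f"{k}: {v}" for k, v in attrs))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    print(to_ldif(PASSWD, SHADOW), end="")
```

Once loaded into the directory, `userPassword` holds the same hashes that `/etc/shadow` keeps root-only, so the server's access controls should restrict who can read that attribute.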
