Re: Password file with over 3000 users.
--On September 18, 2007 5:19:15 PM +0200 Ian <iforbes@zsd.co.za> wrote:
Hi All
I have a server which runs with normal passwd/shadow/group/gshadow
files. There are now over 3000 users and I am beginning to notice a
performance slowdown and it is about time I looked for something more
efficient - I like the idea of db or cdb database files.
You've got two issues to solve here. Authentication you actually have more
options than UID/Groups mapping which is controlled by the name service
swith library, libnss. LDAP can solve both using libnss-ldap, modifying
/etc/ldap.conf and /etc/nsswitch.conf and then importing your passwd file
into LDAP. That's actually what we use here, though we modified the
'stock' LDAP configuration to allow a substr index on one of the fields
that normally isn't allowed by the LDAP schema. It was causing the LDAP
servers to thrash. The solution is seamless to the users, the LDAP system
supports crypt or md5 based passwords as normal since the password calls,e
tc, are all handled via the normal pam_unix library via libnss, which is
exactly how it does it anyway. The only difference is where it's obtaining
the users.
There also might be a way (and i haven't looke dinto this) to get Linux to
use a GDB/BDB passwd.db like *BSD's do.
My requirements:
- Must be pam compatible.
- Most users have MD5 passwords, but some are still crypt passwords. I
do not have ready access to the original plain text passwords.
- I don't want to mess around with too much, so I must have real "Unix
accounts" (UID's and home directories) for each user.
- Vanilla Debian "deb" packages.
What alternatives should I consider?
Thanks
Ian
--
To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
--
Michael Loftis
Modwest Operations Manager
Powerful, Affordable Web Hosting
Reply to: