[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Using MySQL as user database



Hi!

I am thinking about using mysql for administering my user database, as it
will probably be quite large (expected round 10000 users).

I thought about the following ways to do this:

1) using normal passwd/shadow files, dumped regularly from mysql
   
   I encountered the following difficulties with this approach:
   
   a) I do not want to store clear passwords anywhere, so
   b) I would have to encrypt the user passwords "manually" when adding
      a user to the database

2) patching shadow so that it can use mysql for authentication
   
   I think there are even more problems with this approach, because
   not only shadow uses the passwd/shadow database, but the whole libc
   does, and I'm not sure if all my programs that need user information
   use the getpwent() function of the C library...

So my question is:

   Has anyone done something like this before?
   
   What do you think is the best approach? 

   I thought about writing a script that

   *) creates the user in the system with a random password that is of
      course sent to the printer immediately (well, at least the user 
      should know his/her password) with all the other account info,
   *) creates the user in the MySQL database with no password information,
      but details such as account status (active, hold, delete),
   
   and a cron job that

   *) updates the password database regularly, that is, removes users 
      from the database or puts a * into the passwd file according to the
      user status in the SQL database

I would greatly appreciate any suggestions on this topic!

Thanks in advance for your help...

Alex
-------------------------------------------------------------------------- 
"Nobody will ever need more than 640k RAM!"
                           -- Bill Gates, 1981
"Windows 95 needs at least 8 MB RAM."
                           -- Bill Gates, 1996
"Nobody will ever need Windows 95."
                           -- logical conclusion

************************************************************************** 

Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
Tel: +43-316-873-5111	Fax: +43-316-873-5115

mailto:alexlist@sbox.tu-graz.ac.at  
http://www.sbox.tu-graz.ac.at/home/alexlist

PGP public key available via WWW or on request
--------------------------------------------------------------------------




Reply to: