Re: Using MySQL as user database

To: <alexlist@sbox.tu-graz.ac.at>, <debian-user@lists.debian.org>
Cc: <linuxisp@friendly.jeffnet.org>
Subject: Re: Using MySQL as user database
From: "Eric Calvert" <eric@caveland.net>
Date: Thu, 17 Sep 1998 11:44:29 -0500
Message-id: <[🔎] 002601bde25a$703816e0$02da9ad0@whoami.caveland.net>

With that many users, wouldn't it be best to just authenticate everything
directly from the database?  You've probably on got a handful of things
that people need to be authenticated for way...

    dialup
    incoming/outgoing mail
    ftp

Then, only those who really NEED shell access need be in the passwd/shadow
files.

Eric Calvert
Caveland Connection
http://www.caveland.net

-----Original Message-----
From: Alexander List <alexlist@sbox.tu-graz.ac.at>
To: debian-user@lists.debian.org <debian-user@lists.debian.org>
Cc: linuxisp@friendly.jeffnet.org <linuxisp@friendly.jeffnet.org>
Date: Thursday, September 17, 1998 11:19 AM
Subject: Using MySQL as user database


>Hi!
>
>I am thinking about using mysql for administering my user database, as it
>will probably be quite large (expected round 10000 users).
>
>I thought about the following ways to do this:
>
>1) using normal passwd/shadow files, dumped regularly from mysql
>
>   I encountered the following difficulties with this approach:
>
>   a) I do not want to store clear passwords anywhere, so
>   b) I would have to encrypt the user passwords "manually" when adding
>      a user to the database
>
>2) patching shadow so that it can use mysql for authentication
>
>   I think there are even more problems with this approach, because
>   not only shadow uses the passwd/shadow database, but the whole libc
>   does, and I'm not sure if all my programs that need user information
>   use the getpwent() function of the C library...
>
>So my question is:
>
>   Has anyone done something like this before?
>
>   What do you think is the best approach?
>
>   I thought about writing a script that
>
>   *) creates the user in the system with a random password that is of
>      course sent to the printer immediately (well, at least the user
>      should know his/her password) with all the other account info,
>   *) creates the user in the MySQL database with no password information,
>      but details such as account status (active, hold, delete),
>
>   and a cron job that
>
>   *) updates the password database regularly, that is, removes users
>      from the database or puts a * into the passwd file according to the
>      user status in the SQL database
>
>I would greatly appreciate any suggestions on this topic!
>
>Thanks in advance for your help...
>
>Alex
>--------------------------------------------------------------------------
>"Nobody will ever need more than 640k RAM!"
>                           -- Bill Gates, 1981
>"Windows 95 needs at least 8 MB RAM."
>                           -- Bill Gates, 1996
>"Nobody will ever need Windows 95."
>                           -- logical conclusion
>
>**************************************************************************
>
>Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
>Tel: +43-316-873-5111 Fax: +43-316-873-5115
>
>mailto:alexlist@sbox.tu-graz.ac.at
>http://www.sbox.tu-graz.ac.at/home/alexlist
>
>PGP public key available via WWW or on request
>--------------------------------------------------------------------------
>
>
>

Reply to:

Prev by Date: X DSelect
Next by Date: Re: X DSelect
Previous by thread: Re: Using MySQL as user database
Next by thread: X DSelect
Index(es):
- Date
- Thread