Re: Using MySQL as user database
On Thu, 17 Sep 1998, Alexander List wrote:
> Hi!
>
> I am thinking about using mysql for administering my user database, as it
> will probably be quite large (expected round 10000 users).
We do this now using PostgreSQL
>
> I thought about the following ways to do this:
>
> 1) using normal passwd/shadow files, dumped regularly from mysql
>
> I encountered the following difficulties with this approach:
>
> a) I do not want to store clear passwords anywhere, so
> b) I would have to encrypt the user passwords "manually" when adding
> a user to the database
We re-generate all flat files from databases whenever a transaction change
has been made to effect one of those files. Make a Administration front
end for entering data into the database, using Perl/DBD libraries, and
have it crypt() the passwords and then insert them into the database.
>
> 2) patching shadow so that it can use mysql for authentication
>
> I think there are even more problems with this approach, because
> not only shadow uses the passwd/shadow database, but the whole libc
> does, and I'm not sure if all my programs that need user information
> use the getpwent() function of the C library...
Just authenticate via shadow, and re-generate the shadow file from the
database whenever a change takes place.
>
> So my question is:
>
> Has anyone done something like this before?
Yes. Our database contains every configuration file for any system on
our network, including: sendmail.cw, virtusertable, httpd.conf, srm.conf,
named.boot, passwd, shadow, etc, etc. Files are re-generated when a
change was made to the database that would effect the respective file.
We also use Radiator which authenticates against this database, and
assigns check/reply attributes from the database.
>
> What do you think is the best approach?
>
> I thought about writing a script that
>
> *) creates the user in the system with a random password that is of
> course sent to the printer immediately (well, at least the user
> should know his/her password) with all the other account info,
> *) creates the user in the MySQL database with no password information,
> but details such as account status (active, hold, delete),
>
> and a cron job that
>
> *) updates the password database regularly, that is, removes users
> from the database or puts a * into the passwd file according to the
> user status in the SQL database
>
> I would greatly appreciate any suggestions on this topic!
>
> Thanks in advance for your help...
>
> Alex
> --------------------------------------------------------------------------
> "Nobody will ever need more than 640k RAM!"
> -- Bill Gates, 1981
> "Windows 95 needs at least 8 MB RAM."
> -- Bill Gates, 1996
> "Nobody will ever need Windows 95."
> -- logical conclusion
>
> **************************************************************************
>
> Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
> Tel: +43-316-873-5111 Fax: +43-316-873-5115
>
> mailto:alexlist@sbox.tu-graz.ac.at
> http://www.sbox.tu-graz.ac.at/home/alexlist
>
> PGP public key available via WWW or on request
> --------------------------------------------------------------------------
>
>
>
--------------------------------------------------------------------------
Brian Feeny (BF304) | ShreveNet Inc. - Premium Internet Service Provider
Network Administrator | Shreveport, Louisiana - http://www.shreve.net/
signal@shreve.net | Web Hosting, Virtual Domains, Storefronts,
(318)222-2NET x 109 | Database/Web Integration, 56k, ISDN, T1
Reply to: