[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using MySQL as user database


On Thu, 17 Sep 1998, Alexander List wrote:

> Hi!
> I am thinking about using mysql for administering my user database, as it
> will probably be quite large (expected round 10000 users).
> I thought about the following ways to do this:
> 1) using normal passwd/shadow files, dumped regularly from mysql

I distribute a billing package which includes the functionality to do
this: http://www.sisd.com/freeside

It would probably be pretty simple to get it to work with the various
RADII (RADIUSes?) that authenticate via {m,My,Postgre}SQL.

I'm curious if anyone is authenticating via DBI?

>    I encountered the following difficulties with this approach:
>    a) I do not want to store clear passwords anywhere, so
>    b) I would have to encrypt the user passwords "manually" when adding
>       a user to the database

my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
srand(time||$$); # use Math::TrulyRandom, this is just an example
$encrypted_password = crypt ( $password,

> 2) patching shadow so that it can use mysql for authentication
>    I think there are even more problems with this approach, because
>    not only shadow uses the passwd/shadow database, but the whole libc
>    does, and I'm not sure if all my programs that need user information
>    use the getpwent() function of the C library...


> So my question is:
>    Has anyone done something like this before?

I've done most everything except using a machine to authenticate directly
from MySQL.

>    What do you think is the best approach? 

Sure beats the hell out of NIS.  You can copy the MySQL files around with
scp, or, even better, rsync over ssh.

>    I thought about writing a script that
>    *) creates the user in the system with a random password that is of
>       course sent to the printer immediately (well, at least the user 
>       should know his/her password) with all the other account info,
>    *) creates the user in the MySQL database with no password information,
>       but details such as account status (active, hold, delete),
>    and a cron job that
>    *) updates the password database regularly, that is, removes users 
>       from the database or puts a * into the passwd file according to the
>       user status in the SQL database

I prepend `*SUSPENDED* ', which has the same effect.

> I would greatly appreciate any suggestions on this topic!
> Thanks in advance for your help...
> Alex
> Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
> Tel: +43-316-873-5111 Fax: +43-316-873-5115
> mailto:alexlist@sbox.tu-graz.ac.at  
> http://www.sbox.tu-graz.ac.at/home/alexlist
> PGP public key available via WWW or on request
> --------------------------------------------------------------------------

Ivan Kohler <ivan@sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/ - 888-670-SISD
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too

Reply to: