Re: Using MySQL as user database
Hello,
On Thu, 17 Sep 1998, Alexander List wrote:
> Hi!
>
> I am thinking about using mysql for administering my user database, as it
> will probably be quite large (expected round 10000 users).
>
> I thought about the following ways to do this:
>
> 1) using normal passwd/shadow files, dumped regularly from mysql
I distribute a billing package which includes the functionality to do
this: http://www.sisd.com/freeside
It would probably be pretty simple to get it to work with the various
RADII (RADIUSes?) that authenticate via {m,My,Postgre}SQL.
I'm curious if anyone is authenticating via DBI?
> I encountered the following difficulties with this approach:
>
> a) I do not want to store clear passwords anywhere, so
> b) I would have to encrypt the user passwords "manually" when adding
> a user to the database
#!/usr/bin/perl
my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
srand(time||$$); # use Math::TrulyRandom, this is just an example
$encrypted_password = crypt ( $password,
$saltset[int(rand(64))],
$saltset[int(rand(64))],
);
>
> 2) patching shadow so that it can use mysql for authentication
>
> I think there are even more problems with this approach, because
> not only shadow uses the passwd/shadow database, but the whole libc
> does, and I'm not sure if all my programs that need user information
> use the getpwent() function of the C library...
PAM?
>
> So my question is:
>
> Has anyone done something like this before?
I've done most everything except using a machine to authenticate directly
from MySQL.
>
> What do you think is the best approach?
Sure beats the hell out of NIS. You can copy the MySQL files around with
scp, or, even better, rsync over ssh.
>
>
> I thought about writing a script that
>
> *) creates the user in the system with a random password that is of
> course sent to the printer immediately (well, at least the user
> should know his/her password) with all the other account info,
>
> *) creates the user in the MySQL database with no password information,
> but details such as account status (active, hold, delete),
>
>
> and a cron job that
>
> *) updates the password database regularly, that is, removes users
> from the database or puts a * into the passwd file according to the
> user status in the SQL database
I prepend `*SUSPENDED* ', which has the same effect.
>
> I would greatly appreciate any suggestions on this topic!
>
> Thanks in advance for your help...
>
> Alex
[snip]
> Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
> Tel: +43-316-873-5111 Fax: +43-316-873-5115
>
> mailto:alexlist@sbox.tu-graz.ac.at
> http://www.sbox.tu-graz.ac.at/home/alexlist
>
> PGP public key available via WWW or on request
> --------------------------------------------------------------------------
--
Ivan Kohler <ivan@sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/ - 888-670-SISD
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too
Reply to: