Re: Using MySQL as user database

To: Alexander List <alexlist@sbox.tu-graz.ac.at>
Cc: debian-user@lists.debian.org, linuxisp@friendly.jeffnet.org
Subject: Re: Using MySQL as user database
From: Ivan Kohler <ivan@sisd.com>
Date: Fri, 18 Sep 1998 00:44:24 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.3.96.980917235819.26180D-100000@pouncequick.sisd.com>
In-reply-to: <[🔎] Pine.LNX.3.96.980917170504.2109A-100000@fhtupc154.tu-graz.ac.at>

Hello,

On Thu, 17 Sep 1998, Alexander List wrote:

> Hi!
> 
> I am thinking about using mysql for administering my user database, as it
> will probably be quite large (expected round 10000 users).
> 
> I thought about the following ways to do this:
> 
> 1) using normal passwd/shadow files, dumped regularly from mysql

I distribute a billing package which includes the functionality to do
this: http://www.sisd.com/freeside

It would probably be pretty simple to get it to work with the various
RADII (RADIUSes?) that authenticate via {m,My,Postgre}SQL.

I'm curious if anyone is authenticating via DBI?

>    I encountered the following difficulties with this approach:
>    
>    a) I do not want to store clear passwords anywhere, so
>    b) I would have to encrypt the user passwords "manually" when adding
>       a user to the database

#!/usr/bin/perl
my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
srand(time||$$); # use Math::TrulyRandom, this is just an example
$encrypted_password = crypt ( $password,
                              $saltset[int(rand(64))],
                              $saltset[int(rand(64))],
                            );

> 
> 2) patching shadow so that it can use mysql for authentication
>    
>    I think there are even more problems with this approach, because
>    not only shadow uses the passwd/shadow database, but the whole libc
>    does, and I'm not sure if all my programs that need user information
>    use the getpwent() function of the C library...

PAM?

> 
> So my question is:
> 
>    Has anyone done something like this before?

I've done most everything except using a machine to authenticate directly
from MySQL.

>    
>    What do you think is the best approach? 

Sure beats the hell out of NIS.  You can copy the MySQL files around with
scp, or, even better, rsync over ssh.

>
> 
>    I thought about writing a script that
> 
>    *) creates the user in the system with a random password that is of
>       course sent to the printer immediately (well, at least the user 
>       should know his/her password) with all the other account info,
>
>    *) creates the user in the MySQL database with no password information,
>       but details such as account status (active, hold, delete),
>
>    
>    and a cron job that
> 
>    *) updates the password database regularly, that is, removes users 
>       from the database or puts a * into the passwd file according to the
>       user status in the SQL database

I prepend `*SUSPENDED* ', which has the same effect.

> 
> I would greatly appreciate any suggestions on this topic!
> 
> Thanks in advance for your help...
> 
> Alex
[snip]
> Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
> Tel: +43-316-873-5111 Fax: +43-316-873-5115
> 
> mailto:alexlist@sbox.tu-graz.ac.at  
> http://www.sbox.tu-graz.ac.at/home/alexlist
> 
> PGP public key available via WWW or on request
> --------------------------------------------------------------------------

-- 
Ivan Kohler <ivan@sisd.com> - finger for PGP key
Silicon Interactive Software Design - http://www.sisd.com/ - 888-670-SISD
Open-source billing and administration for ISPs - http://www.sisd.com/freeside
20 4,16 * * * saytime # please don't be surprised if you find me dreaming too

Reply to:

References:
- Using MySQL as user database
  - From: Alexander List <alexlist@sbox.tu-graz.ac.at>

Prev by Date: installation: hard disk partion segmentation fault
Next by Date: a basic kernel
Previous by thread: Re: Using MySQL as user database
Next by thread: Re: Using MySQL as user database
Index(es):
- Date
- Thread