Anders Bruun Olsen wrote:
On Wed, Nov 09, 2005 at 05:30:28PM -0500, xyon wrote:
just curious, by why not use 'net-www/mod_auth_mysql' and store your
users in a MySQL DB?
Because I want a single place for storing users that all services will
auth against, which also means ssh and so forth. I know that pam_mysql
will bring me most of the way, but I have my doubts about using
nss_mysql (which is also not in Portage). Call me crazy, but I neither
trust the security nor stability of mysql :)
Plus I already have experience with LDAP...
I run a production ISP environment--http/ftp, e-mail, limited user
shells, RADIUS dialup auth--using pam_mysql, and have for more than a
year. There have been no stability issues and, to date, no security
problems that we've detected.
The biggest problem has to do with performance, which nscd was excellent
for. NSCD does odd things when the MySQL queries return numbers
significantly smaller than the number of rows in the user auth tables --
I found that it would periodically just crash when I had disabled or
locked-out accounts. A daemon which checks and restarts core services
was all I needed to take care of it, though.
-Bill
--
[email protected] mailing list
