On Thu, 17 Sep 1998, Alexander List wrote:

> Hi!
>
> I am thinking about using mysql for administering my user database, as it
> will probably be quite large (expected round 10000 users).

We do this now using PostgreSQL

> I thought about the following ways to do this:
>
> 1) using normal passwd/shadow files, dumped regularly from mysql
>
> I encountered the following difficulties with this approach:
>
> a) I do not want to store clear passwords anywhere, so
> b) I would have to encrypt the user passwords "manually" when adding
>    a user to the database

We re-generate all flat files from databases whenever a transaction change
has been made to affect one of those files. Make an administration front end
for entering data into the database, using Perl/DBD libraries, and have it
crypt() the passwords and then insert them into the database.

> 2) patching shadow so that it can use mysql for authentication
>
> I think there are even more problems with this approach, because
> not only shadow uses the passwd/shadow database, but the whole libc
> does, and I'm not sure if all my programs that need user information
> use the getpwent() function of the C library...

Just authenticate via shadow, and re-generate the shadow file from the
database whenever a change takes place.

> So my question is:
>
> Has anyone done something like this before?

Yes. Our database contains every configuration file for any system on our
network, including: sendmail.cw, virtusertable, httpd.conf, srm.conf,
named.boot, passwd, shadow, etc, etc. Files are re-generated when a change
was made to the database that would affect the respective file. We also use
Radiator which authenticates against this database, and assigns check/reply
attributes from the database.

> What do you think is the best approach?
>
> I thought about writing a script that
>
> *) creates the user in the system with a random password that is of
>    course sent to the printer immediately (well, at least the user
>    should know his/her password) with all the other account info,
> *) creates the user in the MySQL database with no password information,
>    but details such as account status (active, hold, delete),
>
> and a cron job that
>
> *) updates the password database regularly, that is, removes users
>    from the database or puts a * into the passwd file according to the
>    user status in the SQL database
>
> I would greatly appreciate any suggestions on this topic!
>
> Thanks in advance for your help...
>
> Alex
> --------------------------------------------------------------------------
> "Nobody will ever need more than 640k RAM!"
>                 -- Bill Gates, 1981
> "Windows 95 needs at least 8 MB RAM."
>                 -- Bill Gates, 1996
> "Nobody will ever need Windows 95."
>                 -- logical conclusion
>
> **************************************************************************
>
> Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz
> Tel: +43-316-873-5111 Fax: +43-316-873-5115
>
> mailto:[EMAIL PROTECTED]
> http://www.sbox.tu-graz.ac.at/home/alexlist
>
> PGP public key available via WWW or on request
> --------------------------------------------------------------------------

--------------------------------------------------------------------------
Brian Feeny (BF304)     | ShreveNet Inc. - Premium Internet Service Provider
Network Administrator   | Shreveport, Louisiana - http://www.shreve.net/
[EMAIL PROTECTED]       | Web Hosting, Virtual Domains, Storefronts,
(318)222-2NET x 109     | Database/Web Integration, 56k, ISDN, T1
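
The regenerate-the-flat-file approach from the reply above, as an added example that is not from the original thread or from either poster's systems. It assumes a hypothetical `users` table (`name`, `pw_hash`, `status`) that already holds crypt() hashes, uses an in-memory SQLite database in place of PostgreSQL/MySQL, and takes the active/hold/delete statuses from the question; all table, column and function names are assumptions.

```python
import os
import re
import sqlite3
import tempfile

NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
HASH_RE = re.compile(r"[A-Za-z0-9./$]+")   # crypt(3) alphabet: no ':' or newline


def shadow_lines(conn, lastchg_days):
    """Build shadow(5) lines from the users table; only hashes are ever read."""
    lines = []
    rows = conn.execute("SELECT name, pw_hash, status FROM users ORDER BY name")
    for name, pw_hash, status in rows:
        if status == "delete":
            continue                      # deleted accounts are left out of the file
        # fullmatch rejects ':' and trailing newlines that would forge extra fields
        if not NAME_RE.fullmatch(name) or not HASH_RE.fullmatch(pw_hash or ""):
            raise ValueError(f"refusing to write malformed record for {name!r}")
        field = "*" if status == "hold" else pw_hash   # '*' matches no password
        lines.append(f"{name}:{field}:{lastchg_days}:0:99999:7:::")
    return lines


def write_atomically(path, lines):
    """Write a 0600 temp file in the target directory, then rename it into place."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("".join(line + "\n" for line in lines))
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o600)
        os.replace(tmp, path)             # readers see the old file or the new one
    except BaseException:
        os.unlink(tmp)
        raise


def demo_db():
    """Constructed sample data; the hashes are placeholders, not real crypt() output."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, status TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "$1$constructed$PLACEHOLDERHASHAAAAAAA", "active"),
        ("bob", "$1$constructed$PLACEHOLDERHASHBBBBBBB", "hold"),
        ("carol", "$1$constructed$PLACEHOLDERHASHCCCCCCC", "delete"),
    ])
    return conn
```

Validation failures abort the whole run before anything is written, so a bad row in the database cannot leave a half-written or field-shifted shadow file on disk.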