Hello, On Thu, 17 Sep 1998, Alexander List wrote:
> Hi! > > I am thinking about using mysql for administering my user database, as it > will probably be quite large (expected round 10000 users). > > I thought about the following ways to do this: > > 1) using normal passwd/shadow files, dumped regularly from mysql I distribute a billing package which includes the functionality to do this: http://www.sisd.com/freeside It would probably be pretty simple to get it to work with the various RADII (RADIUSes?) that authenticate via {m,My,Postgre}SQL. I'm curious if anyone is authenticating via DBI? > I encountered the following difficulties with this approach: > > a) I do not want to store clear passwords anywhere, so > b) I would have to encrypt the user passwords "manually" when adding > a user to the database #!/usr/bin/perl my(@saltset)= ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' ); srand(time||$$); # use Math::TrulyRandom, this is just an example $encrypted_password = crypt ( $password, $saltset[int(rand(64))], $saltset[int(rand(64))], ); > > 2) patching shadow so that it can use mysql for authentication > > I think there are even more problems with this approach, because > not only shadow uses the passwd/shadow database, but the whole libc > does, and I'm not sure if all my programs that need user information > use the getpwent() function of the C library... PAM? > > So my question is: > > Has anyone done something like this before? I've done most everything except using a machine to authenticate directly from MySQL. > > What do you think is the best approach? Sure beats the hell out of NIS. You can copy the MySQL files around with scp, or, even better, rsync over ssh. > > > I thought about writing a script that > > *) creates the user in the system with a random password that is of > course sent to the printer immediately (well, at least the user > should know his/her password) with all the other account info, > > *) creates the user in the MySQL database with no password information, > but details such as account status (active, hold, delete), > > > and a cron job that > > *) updates the password database regularly, that is, removes users > from the database or puts a * into the passwd file according to the > user status in the SQL database I prepend `*SUSPENDED* ', which has the same effect. > > I would greatly appreciate any suggestions on this topic! > > Thanks in advance for your help... > > Alex [snip] > Alexander List @ HTU Graz, Rechbauerstr. 12, A-8010 Graz > Tel: +43-316-873-5111 Fax: +43-316-873-5115 > > mailto:[EMAIL PROTECTED] > http://www.sbox.tu-graz.ac.at/home/alexlist > > PGP public key available via WWW or on request > -------------------------------------------------------------------------- -- Ivan Kohler <[EMAIL PROTECTED]> - finger for PGP key Silicon Interactive Software Design - http://www.sisd.com/ - 888-670-SISD Open-source billing and administration for ISPs - http://www.sisd.com/freeside 20 4,16 * * * saytime # please don't be surprised if you find me dreaming too