From: Anders Bruun Olsen <anders@bruun-olsen.net>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Advice about security solution
Date: Tue, 15 Nov 2005 12:36:53 +0100 [thread overview]
Message-ID: <20051115113653.GW14230@elmer.skumleren.net> (raw)
In-Reply-To: <4377EB41.70008@gcfn.net>
On Sun, Nov 13, 2005 at 08:41:21PM -0500, William Yang wrote:
> >>just curious, by why not use 'net-www/mod_auth_mysql' and store your
> >>users in a MySQL DB?
> >Because I want a single place for storing users that all services will
> >auth against, which also means ssh and so forth. I know that pam_mysql
> >will bring me most of the way, but I have my doubts about using
> >nss_mysql (which is also not in Portage). Call me crazy, but I neither
> >trust the security nor stability of mysql :)
> >Plus I already have experience with LDAP...
> I run a production ISP environment--http/ftp, e-mail, limited user
> shells, RADIUS dialup auth--using pam_mysql, and have for more than a
> year. There have been no stability issues and, to date, no security
> problems that we've detected.
> The biggest problem has to do with performance, which nscd was excellent
> for. NSCD does odd things when the MySQL queries return numbers
> significantly smaller than the number of rows in the user auth tables --
> I found that it would periodically just crash when I had disabled or
> locked-out accounts. A daemon which checks and restarts core services
> was all I needed to take care of it, though.
If you have daemons that crash periodically and needs to be restarted, I
would say that counts as stability issues. At least it does in my book.
But if you can live with it, then it's all good. I prefer the stability
of LDAP however :)
--
Anders
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y?
------END GEEK CODE BLOCK------
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0
--
gentoo-security@gentoo.org mailing list
next prev parent reply other threads:[~2005-11-15 11:42 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-08 22:21 [gentoo-security] Advice about security solution Anders Bruun Olsen
2005-11-08 22:47 ` Nathanael Hoyle
2005-11-09 8:16 ` Anders Bruun Olsen
2005-11-09 8:55 ` Anthony Metcalf
2005-11-09 10:00 ` Anders Bruun Olsen
2005-11-09 10:35 ` Harald Dumdey
2005-11-09 10:43 ` Anthony Metcalf
2005-11-09 11:42 ` Darren Davison
2005-11-09 12:15 ` Darren Davison
2005-11-09 12:38 ` Harald Dumdey
2005-11-09 12:30 ` Brian G. Peterson
2005-11-09 19:25 ` unaos
2005-11-09 20:21 ` Nathanael Hoyle
2005-11-09 9:03 ` Leonid Chaichenets
2005-11-09 9:22 ` Dave Strydom
2005-11-09 19:36 ` unaos
2005-11-09 19:19 ` unaos
2005-11-09 21:10 ` Anders Bruun Olsen
2005-11-09 22:30 ` xyon
2005-11-10 7:28 ` Anders Bruun Olsen
2005-11-14 1:41 ` William Yang
2005-11-15 11:36 ` Anders Bruun Olsen [this message]
2005-11-09 20:26 ` Nathanael Hoyle
2005-11-09 21:16 ` Anders Bruun Olsen
2005-11-09 22:11 ` Nathanael Hoyle
2005-11-09 20:30 ` Shane Hickey
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051115113653.GW14230@elmer.skumleren.net \
--to=anders@bruun-olsen.net \
--cc=gentoo-security@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox