Linux Administration - Users in (any) database howto/why...
Joe
joe at nationnet.com
Thu Jan 1 09:01:01 MST 2009
That is a great question. First, let me say I don't have an answer. The
reason I'm responding is that Postgres scares me. The reason it scares
me is that I have had a number of times when upgrading postgres, the DB
files were not compatible with the older version and it wasn't till
after the upgrade that I found out. Make sure that if you do use
postgres, that you plan to export the DB's to load files so that if you
do hit the upgrade issue you have a way to reload the DB.
I have tried using ldap a number of times for what you are asking and
have not been successful. I tried Fedora Directory Server and it still
is a complex setup. I still think ldap would be the way to go, but the
management tools for ldap leave a bit to be desired. Also the initial
setup has a steep learning curve.
My other issue with a central auth mechanism is that I want the user
id's and passwords to be secure going to the backend. I didn't want
wireshark to be able to pick up the credentials. Also, what happens when
the DB goes down? No one will be able to auth.
Another problem I ran up against was having the DB admin ID/password
located on each client. At least the shadow file protected the passwords
from normal user access. I do think ldap solves this issue, but
configuring the ACL's is not a trivial task.
Again, a great question and I look forward to hear what others have done.
kitepilot at kitepilot.com wrote:
> OK, I've reached that (long postponed) point of my life where I *HAVE* to
> ditch /etc/passwd and /etc/group in favor of storing my users in a database.
> Any database...
>
> Unless there is a *COMPELLING* reason not to, I will store my users in
> Postgres, but I don't see why generic concepts should not be applied to
> *ANY* database.
>
> All I find in the howto's is how to install (laundry list here), but what I
> need is a fairly general cookbook about how-to-configure-what to allow my
> machine to validate users contained in my database.
> Most of this howto's are useless to my because I run LFS and it right there
> voids any reference to apt-get/yum/rpm/etc.
>
> Furthermore, I want to login with my trusted /etc/passwd - /etc/group
> combination when I SSH into (or console) into my machine and I want the
> "other" users (people hosting WEB sites and/or receiving e-mail) be
> authenticated against the Postgres table.
>
> So the final question is:
> What do I need?
> specifically, do I need PAM? (Probably...)
> What do I configure?
>
> I don't need too many details, I just need something along the lines of:
> You need this list of packages and you need to edit this configuration files
> to accomplish (fill in the blanks)
> Lisa? :)
> HAPPY NEW YEAR!!!
> Enrique
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
More information about the PLUG-discuss
mailing list