Date:      Sat, 10 Jan 1998 13:26:33 -0600
From:      Jacques Vidrine <n@nectar.com>
To:        hackers@FreeBSD.ORG
Cc:        Jaye Mathisen <mrcpu@cdsnet.net>
Subject:   Re: How are people handling lots of accounts? 
Message-ID:  <199801101926.NAA11423@kai.nectar.com>
In-Reply-To: <19980110124412.19068@mcs.net> 
References:  <Pine.NEB.3.95.980107181608.25611Q-100000@mail.cdsnet.net> <p1ioh1k5kwy.fsf@panke.panke.de> <19980110124412.19068@mcs.net>


Kerberos + Hesiod is also a good solution.


Jacques Vidrine <n@nectar.com>

On 10 January 1998 at 12:44, Karl Denninger <karl@mcs.net> wrote:
> On Sat, Jan 10, 1998 at 05:54:52PM +0100, Wolfram Schneider wrote:
> > Jaye Mathisen  <mrcpu@cdsnet.net> writes:
> > > With 50000 test accounts in master.passwd, it takes something like 10
> > > minutes to rebuild the .db files, completely preventing anybody else from
> > > doing anything password related.
> > > 
> > > Is there anything that can be done to speed this up?  Changing the
> > > password isn't too bad, only about 30 seconds, but adding takes forever.
> > 
> > You can increase the database cache size from 4MB to a higher value in
> > pwd_mkdb. See pwd_mkdb.c line 70. You must recompile pwd_mkdb for this
> > change.
> > 
> > Did you use the -u option?
> > pwd_mkdb(8)
> >      -u username
> >            Only update the record for the specified user.  Utilities that
> >            operate on a single user can use this option to avoid the
> >            overhead of rebuilding the entire database.
> > 
> > -- 
> > Wolfram Schneider   <wosch@freebsd.org>   http://www.freebsd.org/~wosch/
> 
> We handled this problem (and I consider it a serious one) by replacing the
> entire authorization system with a DBMS-based package written in-house that
> uses encrypted data streams between the client and server.
> 
> This was a serious pain in the ass (and done incorrectly or with
> insufficient redundancy screws you completely, as you then can't log in!)
> but it's worth it - our management is now centralized.  We still create
> "fallback" pwd.db and spwd.db files from that database and distribute them
> for the "emergency" case, but this is then a low-priority thing that can be
> done at the "background noise" level.
> 
> For multi-machine environments you *have to* centralize things somehow, and
> NIS just isn't secure enough for an ISP environment.
> 
> --
> -- 
> Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
> http://www.mcs.net/          | T1's from $600 monthly to FULL DS-3 Service
> 			     | NEW! K56Flex support on ALL modems
> Voice: [+1 312 803-MCS1 x219]| EXCLUSIVE NEW FEATURE ON ALL PERSONAL ACCOUNTS
> Fax:   [+1 312 803-4929]     | *SPAMBLOCK* Technology now included at no cost


