From: "f.johan.beisser"
Date: Wed, 23 Jan 2002 09:07:24 -0800 (PST)
To: Landon Stewart
Cc: Buliwyf McGraw
Subject: Re: Creating users from the web
In-Reply-To: <3C4E4ECC.1090100@uniserve.com>
Message-ID: <20020123090041.M32624-100000@localhost>
Sender: owner-freebsd-security@FreeBSD.ORG

On Tue, 22 Jan 2002, Landon Stewart wrote:

> WebMin is a little more than you need for this particular task, but you
> could code something to have commands inserted into a database,
> including ENCRYPTED passwords, then write a perl script to query the
> database and run whatever commands and parameters were in the database.
> After it's all done, it would mark it completed and around we go.

why not use pam_ldap or pam_mysql? both are in $PORTSDIR/security. combine
that with a php interface (there are php/DBI crossovers..) and an ssl'd
http link, you've suddenly simplified the procedure.

> This way it's scaleable (if you expand to more than one server).
> RELATIVELY secure (you could encrypt the SQL connections if you want to
> go over a network), and best of all you wouldn't have to run anything as
> root except your perl script that processes and does the user additions.

pam is probably more scalable, and even allows for easily removed accounts,
plus it'll have even more scalable account management.

> I wrote an EXTENSIVE "tools" package for an ISP I worked for that
> allowed staff to add/remove for email/usernames/virtusertable entries as
> well as do searches etc...

nice. are these tools available?

this may actually be a thread for freebsd-isp@freebsd.org.

-- jan

-------/ f. johan beisser /--------------------------------------+
  http://caustic.org/~jan                      jan@caustic.org
    "John Ashcroft is really just the reanimated corpse of
          J. Edgar Hoover." -- Tim Triche
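
The database-queue design discussed in this message puts a root-run worker behind a web-writable table, so the worker is the trust boundary. The sketch below is an added example, not code from the thread or from any poster's tools: it stores request data rather than commands, validates each field, and builds a fixed pw(8) argument vector. The `requests` table, its columns, and the validation policy are assumptions, and the sample rows are constructed.

```python
import re
import sqlite3

# Constructed policy values (assumptions, not from the thread).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,15}")
HASH_RE = re.compile(r"\$[0-9a-z]+\$[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{22,86}")
RESERVED = {"root", "toor", "daemon", "operator", "bin", "www", "nobody"}
SHELLS = {"/bin/sh", "/usr/sbin/nologin"}

def build_argv(username, shell):
    """Return the pw(8) argument vector for one request, or None to reject."""
    if (not USERNAME_RE.fullmatch(username) or username in RESERVED
            or shell not in SHELLS):
        return None
    # A list for execve-style invocation: no shell ever parses these values.
    # -H 0 makes pw read the already-encrypted password from stdin.
    return ["pw", "useradd", username, "-m", "-s", shell, "-H", "0"]

def process_queue(db, run=None):
    """Handle pending rows; `run(argv, stdin_text)` does the privileged call."""
    results = {}
    rows = db.execute(
        "SELECT id, username, pw_hash, shell FROM requests WHERE status='pending'"
    ).fetchall()
    for req_id, username, pw_hash, shell in rows:
        argv = build_argv(username, shell)
        if argv is None or not HASH_RE.fullmatch(pw_hash):
            status = "rejected"
        else:
            if run is not None:  # dry run when no executor is supplied
                run(argv, pw_hash + "\n")
            status = "completed"
        db.execute("UPDATE requests SET status=? WHERE id=?", (status, req_id))
        results[username] = status
    db.commit()
    return results

def demo_db():
    """In-memory queue with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE requests (id INTEGER PRIMARY KEY, username TEXT,"
               " pw_hash TEXT, shell TEXT, status TEXT DEFAULT 'pending')")
    good = "$1$abcdefgh$" + "A" * 22  # constructed crypt-shaped string
    db.executemany(
        "INSERT INTO requests (username, pw_hash, shell) VALUES (?,?,?)",
        [("alice", good, "/bin/sh"), ("bob;id", good, "/bin/sh"),
         ("root", good, "/bin/sh"), ("carol", "plaintext", "/usr/sbin/nologin")])
    return db
```

Calling `process_queue(demo_db())` performs a dry run; a real worker would pass a `run` callable that invokes the argument vector without a shell and feeds the hash on stdin.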