From owner-freebsd-isp Fri Sep 20 08:40:22 1996 Return-Path: owner-isp Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id IAA01314 for isp-outgoing; Fri, 20 Sep 1996 08:40:22 -0700 (PDT) Received: from bud.indirect.com (sfox@bud.indirect.com [165.247.1.10]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id IAA01281 for ; Fri, 20 Sep 1996 08:40:16 -0700 (PDT) Received: (from sfox@localhost) by bud.indirect.com (8.7.6/8.6.6) id IAA17618 for freebsd-isp@FreeBSD.ORG; Fri, 20 Sep 1996 08:40:13 -0700 (MST) From: Steve Fox Message-Id: <199609201540.IAA17618@bud.indirect.com> Subject: Password Changes To: freebsd-isp@FreeBSD.ORG Date: Fri, 20 Sep 1996 08:40:11 -0700 (MST) X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Greetings, I'm doing some consulting for a local ISP that is using FreeBSD 2.1.5 for their servers. One of their programmers has come up with a plan to use an alternate password file for Radius, POP, and personal Web page access. His reasoning for doing this is to speed up password access and database updates for large (100K entries) password files and Radius dbm files, and for security in personal Web pages. Rather than use the password database and a Radius database, the password entries now go into a directory structure like /etc/password.dir/X/Y. Where 'X' is the first character of the user name and 'Y' is the last character of the username. The 'Y' file would then contain the encrypted password entry and the Radius User file entries for all user names beginning with 'X' and ending with 'Y'. To accomplish this, he's modified getpwnam, mail.local, Qpopper, Radius, and Sendmail's recipients.c to look in this new directory structure for the password entry. All this sounds reasonable for a Pop only ISP system and it seems to work OK. I just have this uneasy feeling about making changes that affect password access. Is this an unfounded fear or does anyone see any holes in this plan ? Thanks, Steve