Date:      Fri, 20 Sep 1996 16:54:26 -0400 (EDT)
From:      Robert Shady <rls@mail.id.net>
To:        sfox@indirect.com (Steve Fox)
Cc:        freebsd-isp@FreeBSD.org
Subject:   Re: Password Changes
Message-ID:  <199609202054.QAA16851@server.id.net>
In-Reply-To: <199609201540.IAA17618@bud.indirect.com> from Steve Fox at "Sep 20, 96 08:40:11 am"

>  I'm doing some consulting for a local ISP that is using FreeBSD 2.1.5 
> for their servers. One of their programmers has come up with a plan to 
> use an alternate password file for Radius, POP, and personal Web page 
> access. His reasoning for doing this is to speed up password access and 
> database updates for large (100K entries) password files and Radius dbm 
> files, and for security in personal Web pages. Rather than use the 
> password database and a Radius database, the password entries now go into 
> a directory structure like /etc/password.dir/X/Y. Where 'X' is the first 
> character of the user name and 'Y' is the last character of the username. 
> The 'Y' file would then contain the encrypted password entry and the 
> Radius User file entries for all user names beginning with 'X' and ending 
> with 'Y'.
> 
>  To accomplish this, he's modified getpwnam, mail.local, Qpopper, Radius, 
> and Sendmail's recipients.c to look in this new directory structure for 
> the password entry. All this sounds reasonable for a Pop only ISP system 
> and it seems to work OK. I just have this uneasy feeling about making 
> changes that affect password access. Is this an unfounded fear or does 
> anyone see any holes in this plan?

I personally believe that this is a ridiculous way of doing it. If you
have 100 people logging in simultaneously (10% of your users? Not that
unreasonable), the hard drive head is going to be fluttering all over the
place to read the information for that user.  I think that some sort of
queued synchronous database would be a much better approach.

	-- Rob
===
      _/_/_/_/_/  _/_/_/_/               _/_/    _/  _/_/_/_/_/  _/_/_/_/_/
         _/      _/      _/    _/_/_/   _/  _/  _/  _/_/_/_/        _/
   _/_/_/_/_/  _/_/_/_/               _/      _/  _/_/_/_/_/      _/

                             Innovative Data Services 
                          Serving South-Eastern Michigan 
        Internet Service Provider / Hardware Sales / Consulting Services
       Voice: (810)855-0404 / Fax: (810)855-3268 / Web: http://www.id.net



