From: Robert Shady
Message-Id: <199609202054.QAA16851@server.id.net>
Subject: Re: Password Changes
In-Reply-To: <199609201540.IAA17618@bud.indirect.com> from Steve Fox at "Sep 20, 96 08:40:11 am"
To: sfox@indirect.com (Steve Fox)
Date: Fri, 20 Sep 1996 16:54:26 -0400 (EDT)
Cc: freebsd-isp@FreeBSD.org

> I'm doing some consulting for a local ISP that is using FreeBSD 2.1.5
> for their servers. One of their programmers has come up with a plan to
> use an alternate password file for Radius, POP, and personal Web page
> access. His reasoning for doing this is to speed up password access and
> database updates for large (100K entries) password files and Radius dbm
> files, and for security in personal Web pages. Rather than use the
> password database and a Radius database, the password entries now go into
> a directory structure like /etc/password.dir/X/Y. Where 'X' is the first
> character of the user name and 'Y' is the last character of the username.
> The 'Y' file would then contain the encrypted password entry and the
> Radius User file entries for all user names beginning with 'X' and ending
> with 'Y'.
>
> To accomplish this, he's modified getpwnam, mail.local, Qpopper, Radius,
> and Sendmail's recipients.c to look in this new directory structure for
> the password entry. All this sounds reasonable for a Pop only ISP system
> and it seems to work OK. I just have this uneasy feeling about making
> changes that affect password access. Is this an unfounded fear or does
> anyone see any holes in this plan?

I personally believe that this is a ridiculous way of doing it.. If you
have 100 people logging in simultaneously (10% of your users? Not that
unreasonable), the hard drive head is going to be fluttering all over the
place to read the information for that user. I think that some sort of
queued synchronous database would be a much better approach.

-- Rob

Innovative Data Services
Serving South-Eastern Michigan
Internet Service Provider / Hardware Sales / Consulting Services
Voice: (810)855-0404 / Fax: (810)855-3268 / Web: http://www.id.net
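
An added example, not part of the original message or of the ISP's code: one way a patched lookup could derive the /etc/password.dir/X/Y bucket path from a login name that arrives from a POP or Radius client, rejecting names whose first or last character is unsafe as a path component. The function name `pw_bucket_path`, the 16-character limit and the allowed character set are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PW_ROOT   "/etc/password.dir"  /* path from the quoted message */
#define MAX_LOGIN 16                   /* assumed limit for this example */

/* Characters allowed to become the X or Y path component. */
static int is_bucket_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9');
}

/* Characters allowed anywhere in a login name (assumed policy). */
static int is_login_char(unsigned char c)
{
    return is_bucket_char(c) || c == '.' || c == '_' || c == '-';
}

/*
 * Build PW_ROOT/X/Y for a login name (X = first char, Y = last char).
 * Returns 0 on success, -1 if the name is rejected or out is too small.
 * The caller must still match the full name inside the bucket file,
 * because every name with the same first and last character shares it.
 */
int pw_bucket_path(const char *login, char *out, size_t outlen)
{
    size_t n, i;
    int w;

    if (login == NULL || out == NULL || outlen == 0)
        return -1;
    n = strlen(login);
    if (n == 0 || n > MAX_LOGIN)
        return -1;
    for (i = 0; i < n; i++)
        if (!is_login_char((unsigned char)login[i]))
            return -1;          /* rejects '/', NUL-free binary bytes, etc. */
    if (!is_bucket_char((unsigned char)login[0]) ||
        !is_bucket_char((unsigned char)login[n - 1]))
        return -1;              /* '.' or '-' may not name a directory/file */
    w = snprintf(out, outlen, "%s/%c/%c", PW_ROOT, login[0], login[n - 1]);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, not taken from the original message. */
    const char *names[] = { "sfox", "rls", "r", "../x", ".hidden", "a/b", "" };
    char path[64];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-8s -> %s\n", names[i],
               pw_bucket_path(names[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```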