Re: Handling users

From: "Shridhar Daithankar<shridhar_daithankar(at)persistent(dot)co(dot)in>" <shridhar_daithankar(at)persistent(dot)co(dot)in>
To: pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: Handling users
Date: 2003-02-18 14:11:38
Message-ID: 200302181941.38502.shridhar_daithankar@persistent.co.in
Lists: pgsql-general

On Tuesday 18 Feb 2003 7:47 pm, you wrote:
> On Tue, Feb 18, 2003 at 19:13:51 +0530,
> "Shridhar Daithankar<shridhar_daithankar(at)persistent(dot)co(dot)in>" <shridhar_daithankar(at)persistent(dot)co(dot)in> wrote:
> > I don't want to do that unless that is last option. And yes, the
> > application and database are on same machine and it will be unix domain
> > socket only for security reasons. ( I mean just trying to be paranoid.
> > The application is on company intranet but why take chance?)
>
> If you are using domain sockets and the OS supports it, why wouldn't you
> want to use ident authentication?

Correct me if I am wrong, but when I run ident authentication, I have to
create OS users, right? And with sshd enabled on the box for admin reasons, I
don't want to let everybody log in. I agree I can set their login to
/sbin/false on Linux or nologin on BSD.

But under full load I expect around 50 concurrent users. With 15-20
connections shuffling through users with set authorisation for each web request,
I don't want to trust /etc/passwd for performance at hundreds of users.

> The other option is to use password authentication and make sure you keep
> the binaries secret so people can't find out what the passwords are. In
> most cases I would expect password authentication to be higher risk than
> ident authentication when you only allow connections through domain
> sockets.

Which binaries? My application? I am slightly confused here..

I want to use password authentication. But my problem is set session
authorisation does not support a password clause.

I have not installed a test database as yet. This is out of documentation.
Maybe experimenting with things might turn out a few things..

Again, any help using password authentication?

Shridhar
