On Thu, 13 Mar 2008 04:23:15 -0800 Robert Fargher <[EMAIL PROTECTED]> wrote:
>
> >
> >Sounds like a job for PAM.
> >
> >http://www.google.com/search?q=linux+PAM
> >
> >:)
>
> No, specifically not. We are already using MySQL to authenticate
> secure FTP, using ProFTPD. What I'd like to do is to use the *same*
> MySQL database/tables to authenticate secure rsync. If rsync can't
> do it, that's fine, I just won't offer rsync as a service.
>
> PAM, as I understand it, requires a user account on the system.
> This is specifically what we don't want. All remote ftp/rsync user
> info is to be completely contained within the MySQL database

Actually, PAM /doesn't/ require user accounts on the system. From the PAM docs:

    Q1: What exactly is PAM?
    Basically, it is a flexible mechanism for authenticating users. ...
    PAM provides a way to develop programs that are independent of
    authentication scheme.

In my environment, for example, when a user logs into a machine via SSH, PAM sends the request off to our Kerberos server (which handles the authentication challenge, of course), which if successful, then queries an LDAP server for the users' profile information. There are absolutely no user entries in /etc/passwd at all.

I suppose that you're using a ProFTPd-specific manner of interacting with MySQL. This is, of course, completely valid - but you end up locking yourself into a solution which is clearly not as extensible as you'd like.

Instead, you may wish to consider housing your "generic" authentication data in a MySQL backend which PAM challenges at a system level. In this way, any application or service which wants to verify a user can simply query the system and obtain a result - be it ProFTPd, Rsync, or something else entirely.

By abstracting the authentication mechanism, you no longer have to worry about whether your particular application "supports" your desired backend.

-- 
Daniel Maher <dma AT witbe.net>
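An added illustration of the MySQL-backed PAM arrangement described in the message above, not part of the original post: a PAM service file that uses the pam_mysql module. The service name, database account, database, table and column names are constructed placeholders, and it assumes pam_mysql is installed.

```conf
# /etc/pam.d/example-service
# Hypothetical service name: the real file name is whatever service name
# the application passes to pam_start().
#
# Constructed values: DB account "pam_ro", database "authdb",
# table "users", columns "login" and "pw_hash".
#
# This file carries the database password, so restrict it to root
# (mode 0600), and grant pam_ro SELECT on authdb.users only.
#
# crypt=1 compares the supplied password against a crypt(3) hash.
# crypt=0 would mean the table stores plaintext passwords.
auth    required pam_mysql.so user=pam_ro passwd=CHANGE_ME host=localhost db=authdb table=users usercolumn=login passwdcolumn=pw_hash crypt=1
account required pam_mysql.so user=pam_ro passwd=CHANGE_ME host=localhost db=authdb table=users usercolumn=login passwdcolumn=pw_hash crypt=1
```

PAM answers only the authentication question here; a service that also needs a UID or home directory for the user has to obtain them from another source, as with the LDAP lookup mentioned in the message.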