Hello Ken,
Tuesday, June 05, 2001, 12:00:35 PM, you wrote:
>> What about a customizable number of read only machines of which
>> vpopmail chooses one, by round robin, for example?
> I guess we could do that. It would be easier to implement a
> list of servers and go down the list until one is found
> that accepts the connection.
I'm not entirely sure how bind does it, but it does either this
or selects a random server out of multiple ones for round robin
DNS.
Hence the point of round robin, the above should do the job of
spreading the load among multiple slaves...
> Which brings up another point. Where do the servers get
> defined? Currently they are compiled in via the vmysql.h
> file. Which is easy to implement.
It's not exactly user friendly but then again, most people could
probably live with it.
> Onjre (spelling?) has a patch to get the information from
> environment variables. Which sounds good but I can see
> some problems with it, primarily it adds another level
> of complexity in running the command line programs. Users
> and shell programs would have to set their environment
> variables. Or perhaps a mix of the two, if an environment
> variable is set, use that, otherwise use the compiled one.
> Another option would be to put the list of servers in some
> configuration file that would get parsed. But I can't see
> a secure way to attempt to hide the passwords. Since domains
> can be stored under any /etc/passwd account, then any user
> on the system would need to have access to the file hence
> they could find the login information.
But how do you want to solve this issue when using environment
variables? Those are either user specific or world readable,
AFAIK (except for the possibility to use temporary ones which are set
only for the process but this would result in decreased performance).
I also think it would be a bit of a performance penalty to
parse the environment variables every time vchkpw gets invoked
(probably even more so for a configuration file) so a compile time
specification that stores the passwords in the binary file might
actually be the better solution but then you still need a solution to
the fact that some compilers seem to leave compile time
strings in the binary...
> Anyone have any thoughts about this? It would be great
> to be able to compile one binary and use it on multiple
> machines with different mysql server auth info.
ACK. But I don't think that can be done in a safe way (except with the
above mentioned process specific environment variables) when we want to
have the ability of using arbitrary /etc/passwd users for vpopmail
domains (which is a feature we don't use, for example)[1].
Best regards,
Gabriel
[1] To have this to work, I assume some part of the mailserver needs
to be running suid 0 so it can later suid to the appropriate user...
Now would it be possible to gather the info out of a uid0 chmod 400
configuration file before the rights are dropped?
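The approach asked about in footnote [1], as an added example that is not part of the original message or vpopmail's code: a setuid-root program reads the credentials from a root-owned, mode 400 file and only then drops to the unprivileged account. The file path, the one-line `host|user|password` format and the function names are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read the first line of a file that must be a regular file owned by
 * `owner` with no group/other permission bits (e.g. root, mode 0400). */
int load_secret(const char *path, uid_t owner, char *buf, size_t len)
{
    struct stat st;
    int fd = len ? open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC) : -1;
    if (fd < 0) return -1;
    /* fstat the open descriptor, not the path, so the file cannot be
     * swapped between the check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || (st.st_mode & 077) != 0) {
        close(fd);
        return -1;
    }
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n <= 0) return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\r\n")] = '\0';
    return 0;
}

/* Permanently switch identity. Order matters: groups, then gid, then uid. */
int drop_privs(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    /* If root can be regained, the drop did not take effect. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char cred[256];
    /* Hypothetical path; the target ids here are simply the invoking user's. */
    const char *path = argc > 1 ? argv[1] : "/etc/vpopmail-mysql.conf";
    if (load_secret(path, 0, cred, sizeof cred) != 0) return 1;
    if (drop_privs(getuid(), getgid()) != 0) return 1;
    printf("holding %zu credential bytes as uid %d\n", strlen(cred), (int)getuid());
    return 0;
}
```

After the drop the credentials exist only in that process's memory, so local users who run the binary never need read access to the file itself.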