[bind10-dev] authentication mechanism for cmdctl
zhanglikun
zlkzhy at gmail.com
Tue Mar 30 03:26:29 UTC 2010
Hi all,
I was thinking these days on the cmdctl's custom authentication mechanism.
My question is whether custom authentication using username/password over
SSL is mandatory, can it be made to be optional? Let admin do the selection.
Currently, custom authentication for cmdctl is mandatory. To make sure our
bindctl works well in source code tree, I have to provide one self-signed
certificate both to bindctl and cmdctl, and create one account for bindctl.
(see src/bin/bindctl/bindctl.pem and src/bin/cmdctl/cmdctl-certfile.pem,
cmdctl-keyfile.pem, cmdctl-accounts.csv) When bind10 is installed, these
certificate and account should also be installed properly, or else it will
block bindctl. I think the code does too much.
So My suggestion is: Let bindctl connect with cmdctl directly without any
authentication protection, except admin has specified certificate for
bindctl and cmdctl in their spec file.
Welcome any comments J
Thanks
Zhang likun
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20100330/c6368c09/attachment.html>
More information about the bind10-dev
mailing list