[bind10-dev] authentication mechanism for cmdctl
Shane Kerr
shane at isc.org
Wed Mar 31 13:25:08 UTC 2010
All,
On Tue, 2010-03-30 at 10:56 -0500, Jeremy C. Reed wrote:
> > So My suggestion is: Let bindctl connect with cmdctl directly without any
> > authentication protection, except admin has specified certificate for
> > bindctl and cmdctl in their spec file.
>
> So fall back to HTTP instead of HTTPS?
>
> What about the HTTP Digest Authentication? Will it still be password
> protected but not tunneled over TLS?
This is also not clear to me.
I'm reluctant to default to no authentication, especially if we can set
it up during install (which we do, right?).
If the suggestion is to use the client-side certificate for
authentication - which presumably will be protected by normal Unix file
permissions - then this seems okay. In this case username/password can
be bypassed by using a certificate.
--
Shane
More information about the bind10-dev
mailing list