[bind10-dev] authentication mechanism for cmdctl
Jeremy C. Reed
jreed at isc.org
Wed Mar 31 13:54:42 UTC 2010
On Wed, 31 Mar 2010, Shane Kerr wrote:
> > So fall back to HTTP instead of HTTPS?
> >
> > What about the HTTP Digest Authentication? Will it still be password
> > protected but not tunneled over TLS?
>
> This is also not clear to me.
>
> I'm reluctant to default to no authentication, especially if we can set
> it up during install (which we do, right?).
>
> If the suggestion is to use the client-side certificate for
> authentication - which presumably will be protected by normal Unix file
> permissions - then this seems okay. In this case username/password can
> be bypassed by using a certificate.
Yes, there is a certificate installed by default.

The username and password part is also useful for the case of
multiple users having access to bindctl and needing to use it.
(File permissions are fine too, such as having a group be able to read
the cert file and then maintaining group members for it.)

In the long run I'd like the cmdctl backend to be able to have different
classifications of users, for example:

1) be able to retrieve stats, read some configurations (for example so a
webgui could talk to it to generate reports but not make any changes, or
so a novice sysadmin can report on system status but can't make
changes)

2) be able to maintain own zone (for example a remote zone owner can add
or change entries, resign, etc.)

3) be able to update any zones, add zones, remove zones

4) be able to make configuration changes for tuning for specific zones
or maybe specific networks

5) be able to make system-wide configuration changes
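The five user classifications proposed above amount to a small authorization policy that cmdctl would evaluate per command. The following is an added example, not BIND 10 code: it models the tiers as explicit permission sets, scopes the zone-owner tier to the zones that user owns, and returns a reason with every denial so the decision can be logged. The command names, the `User` class and the `authorize` function are constructed for illustration and do not correspond to real cmdctl commands.

```python
"""Role-based authorization sketch for cmdctl-style commands.

Added example, not part of BIND 10. Tiers 1-5 mirror the classifications
proposed in the message; command names are constructed placeholders.
"""
from dataclasses import dataclass, field

# Constructed command names; real cmdctl command names differ.
PERMISSIONS = {
    1: {"stats.show", "config.get"},                    # read-only reporting
    2: {"zone.update"},                                  # own zone only
    3: {"zone.update", "zone.add", "zone.remove"},       # any zone
    4: {"config.set_zone"},                              # per-zone tuning
    5: {"config.set_global", "config.set_zone", "zone.update", "zone.add",
        "zone.remove", "stats.show", "config.get"},      # system-wide
}

# Commands whose decision depends on which zone is named.
ZONE_SCOPED = {"zone.update", "config.set_zone"}


@dataclass
class User:
    name: str
    role: int
    # Only consulted for tier 2 (zone owner); constructed attribute.
    owned_zones: set = field(default_factory=set)


def authorize(user, command, zone=None):
    """Return (allowed, reason). The reason is meant for the audit log."""
    allowed = PERMISSIONS.get(user.role, set())
    if command not in allowed:
        return False, f"{user.name}: role {user.role} may not run {command}"
    if command in ZONE_SCOPED and user.role == 2:
        # Zone owners are confined to their own zones; an unscoped
        # request is denied rather than silently widened.
        if zone is None:
            return False, f"{user.name}: {command} requires a zone name"
        if zone not in user.owned_zones:
            return False, f"{user.name}: does not own zone {zone}"
    return True, f"{user.name}: {command} permitted"


def is_allowed(user, command, zone=None):
    """Boolean convenience wrapper around authorize()."""
    return authorize(user, command, zone)[0]


def demo():
    """Run a few constructed decisions and return them as a list."""
    reporter = User("reporter", 1)
    owner = User("owner", 2, {"example.com"})
    zone_admin = User("zoneadmin", 3)
    sysadmin = User("sysadmin", 5)
    checks = [
        (reporter, "stats.show", None),
        (reporter, "zone.update", "example.com"),
        (owner, "zone.update", "example.com"),
        (owner, "zone.update", "example.net"),
        (owner, "zone.update", None),
        (zone_admin, "zone.remove", "example.net"),
        (zone_admin, "config.set_global", None),
        (sysadmin, "config.set_global", None),
    ]
    results = []
    for user, command, zone in checks:
        ok, reason = authorize(user, command, zone)
        results.append((user.name, command, zone, ok))
        print(("ALLOW " if ok else "DENY  ") + reason)
    return results


if __name__ == "__main__":
    demo()
```

Keeping the permission sets explicit (rather than treating tier 5 as a superset computed at runtime) makes it obvious which tiers include read access, and returning a reason string on every path gives cmdctl something to write to its log for both allowed and denied requests.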