[bind10-dev] status update
Shane Kerr
shane at isc.org
Thu May 20 14:50:34 UTC 2010
On Thu, 2010-05-20 at 07:59 -0500, Jeremy C. Reed wrote:
> On Thu, 20 May 2010, zhanglikun wrote:
>
> > > Upcoming I am working on generating custom certificate / private key on
> > > install for bindctl/cmdctl usage.
> > >
> >
> > Will this be included in next release on June 2? If it is, I have to let
> > shane to move ticket127 back from backlog.
>
> Looking at ticket 127, now I don't understand the complete plan for task
> 105 (no ticket). What was the full plan for task 105? Was there going
> to be a way for the client to use its certificate to authenticate with
> the cmdctl server (and get identified for later permissions) without
> using any other authentication (like no password)?
In principle a client side certificate contains all you need to know to
authenticate, so no password should be necessary. (In "real" X.509
systems the certificate is issued with the name too, so you don't even
need the user name. We probably do not want to follow that model
though.)
--
Shane
More information about the bind10-dev
mailing list