default-user.csv
Spain, Dr. Jeffry A.
spainj at countryday.net
Wed Mar 6 15:05:35 UTC 2013
I reviewed http://bind10.isc.org/ticket/2641 and see that the development team is working on this issue. I'd like to make the following suggestion.
By default, don't create ~/.bind10/default-user.csv, which is clearly a security defect, and require the user to enter a valid user name and password with each login to bindctl. Removing the existing "single sign-on" functionality in bindctl makes it a little harder to use, but I have to deal with lots of other software applications that don't support single sign-on anyway, so it's not a deal breaker.
For those users, developers and testers for example, for whom ease of use is more important than security, create a command line option to bindctl as follows:
Bindctl [--single-sign-on[=path]].
Specifying the --single-sign-on option would cause the default-user.csv file to be created at ~/.named or at the specified path.
Remove the existing --csv-file-dir command line option to bindctl.
Jeffry A. Spain, Network Administrator
Cincinnati Country Day School
More information about the bind10-users
mailing list