default-user.csv

Spain, Dr. Jeffry A. spainj at countryday.net
Wed Mar 6 15:05:35 UTC 2013


I reviewed http://bind10.isc.org/ticket/2641 and see that the development team is working on this issue. I'd like to make the following suggestion.

By default, don't create ~/.bind10/default-user.csv, which is clearly a security defect, and require the user to enter a valid user name and password with each login to bindctl. Removing the existing "single sign-on" functionality in bindctl makes it a little harder to use, but I have to deal with lots of other software applications that don't support single sign-on anyway, so it's not a deal breaker.

For those users, developers and testers for example, for whom ease of use is more important than security, create a command line option to bindctl as follows:

Bindctl [--single-sign-on[=path]].

Specifying the --single-sign-on option would cause the default-user.csv file to be created at ~/.named or at the specified path.

Remove the existing --csv-file-dir command line option to bindctl.

Jeffry A. Spain, Network Administrator
Cincinnati Country Day School



More information about the bind10-users mailing list