Date: Thu, 2 Apr 1998 17:27:34 -0500 (EST) From: Robert Watson <robert@cyrus.watson.org> To: Mark Murray <mark@grondar.za> Cc: Charles Quarri <randy@hackerz.org>, stable@FreeBSD.ORG Subject: Re: Hesiod support on 2.2 Message-ID: <Pine.BSF.3.96.980402172616.21311E-100000@fledge.watson.org> In-Reply-To: <199804021741.TAA21193@greenpeace.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 2 Apr 1998, Mark Murray wrote: > > I am looking for a central management system like NIS without > > the blatant security holes. I have heard that Hesiod can do this. > > My interest was piqued with hesiod a few days ago. I have the source > and am playing with it. To make Hesiod secure, you need secure name service. I understand that MIT implemented a kerberized DNS query of some kind -- this is not scalable, of course. DNSsec should provide a nice architecture for handling this kind of thing. See also draft-ietf-dnssec-ar-00.txt for some thoughts on how to handle authentication in the context of DNSsec, and assigning identities to DNS names. Robert N Watson ---- Carnegie Mellon University http://www.cmu.edu/ Trusted Information Systems http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980402172616.21311E-100000>