Date: Fri, 03 Apr 1998 07:43:43 +0200 From: Mark Murray <mark@grondar.za> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: Charles Quarri <randy@hackerz.org>, stable@FreeBSD.ORG Subject: Re: Hesiod support on 2.2 Message-ID: <199804030543.HAA24161@greenpeace.grondar.za>
next in thread | raw e-mail | index | archive | help
Robert Watson wrote: > To make Hesiod secure, you need secure name service. I understand that > MIT implemented a kerberized DNS query of some kind -- this is not > scalable, of course. DNSsec should provide a nice architecture for > handling this kind of thing. See also draft-ietf-dnssec-ar-00.txt for > some thoughts on how to handle authentication in the context of DNSsec, > and assigning identities to DNS names. To make Hesiod secure, you should not use it to distribute passwords (encrypted or not). That is what Kerberos is for. One of the things I have picked up in 48 hours of research. M -- Mark Murray Join the anti-SPAM movement: http://www.cauce.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804030543.HAA24161>