security

[David Blacka]

>>>>> "wanghj" == wanghj  <wanghj at asiainfo.com> writes:

 wanghj> Hello,

 wanghj> According to RFC 2167:"An authority area,on the whole,can be
 wanghj> guarded by linking guardians to its SOA and schema
 wanghj> information." I want to guard the whole authority area,what
 wanghj> should I do?

Ok, well, it's been a long time since I've even tried to do this, but,
basically what you do is add guardian attributes to records in the
rwhoisd.auth_area file.  E.g.,

type: master
name: a.com
data-dir: a.com/data
schema-file: a.com/schema
soa-file: a.com/soa
guardian: 1.a.com

Where 1.a.com is a record of type "Guardian":

a.com/data/guardian/guardian.txt:

ID: 1.a.com
Auth-Area: a.com
Guard-Scheme: CRYPT-PW
Guard-Info: ruay7vna5AaQU
Created: 19961022
Updated: 19961023
Updated-By: hostmaster at a.com
Private:true

The system should be able to find the guardian record by searching on
the ID (that is, the record needs to be indexed).

This should have the effect of adding a Guardian attribute to every
object within the a.com authority area.

-- 
David Blacka <davidb at netsol.com>     Sr. Research Engineer
Research and Development -- Network Solutions, Herndon, VA