From owner-freebsd-stable Thu Apr 2 14:28:24 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id OAA19231
    for freebsd-stable-outgoing; Thu, 2 Apr 1998 14:28:24 -0800 (PST)
    (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA19220
    for ; Thu, 2 Apr 1998 14:28:18 -0800 (PST)
    (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
    by fledge.watson.org (8.8.8/8.6.10) with SMTP id RAA27503;
    Thu, 2 Apr 1998 17:27:34 -0500 (EST)
Date: Thu, 2 Apr 1998 17:27:34 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Mark Murray
cc: Charles Quarri , stable@FreeBSD.ORG
Subject: Re: Hesiod support on 2.2
In-Reply-To: <199804021741.TAA21193@greenpeace.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

On Thu, 2 Apr 1998, Mark Murray wrote:

> > I am looking for a central management system like NIS without
> > the blatant security holes. I have heard that Hesiod can do this.
>
> My interest was piqued with hesiod a few days ago. I have the source
> and am playing with it.

To make Hesiod secure, you need secure name service. I understand that
MIT implemented a kerberized DNS query of some kind -- this is not
scalable, of course. DNSsec should provide a nice architecture for
handling this kind of thing. See also draft-ietf-dnssec-ar-00.txt for
some thoughts on how to handle authentication in the context of DNSsec,
and assigning identities to DNS names.

Robert N Watson

----
Carnegie Mellon University            http://www.cmu.edu/
Trusted Information Systems           http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message