... | ... | @@ -58,6 +58,8 @@ As the current command description files have the hook name (for hook commands) |
|
|
|
|
|
So a priori the answer is yes, read/write access is enough.
|
|
|
|
|
|
**Tomek**: This is what we initially thought, but the user most vitally interested in this asked for several roles. See [support#15938, comment from Jan 31](https://support.isc.org/Ticket/Display.html?id=15938#txn-546284)
|
|
|
|
|
|
### question 2: what to use for credentials?
|
|
|
|
|
|
Authorization requires authentication or with other words if it is trivial to impersonate a client the access control is useless.
|
... | ... | @@ -68,6 +70,8 @@ This can open an indirect issue at the client which should provide a certificate |
|
|
|
|
|
So the usual answer is the client credential is the client certificate.
|
|
|
|
|
|
**tomek**: Yes, the client certificate looks good to me.
|
|
|
|
|
|
### question 3: what to use in credentials to assign a role?
|
|
|
|
|
|
It is related to the way the public key infrastructure is organized:
|
... | ... | |