... | ... | @@ -143,7 +143,7 @@ As of Kea 1.9.3, basic HTTP authentication is available. It can be used to authe |
|
|
|
|
|
Since its early days, Kea has been able to react to POSIX signals. This simple, but very reliable mechanism is very popular. By sending a HUP signal to Kea, it can be told to reload its configuration. This is frequently used to trigger reconfiguration event in Kea, without restarting the whole service. However, there is a deficiency from accountability perspective. The signal mechanism does not provide any information about its sender. In general, only the process owner or root are able to send signals and that is enforced by the kernel. In the future, we may provide a configuration parameter to disable HUP and TERM signals. This would improve accountability as, together with configured authentication, it would eliminate the potential for a root user to reconfigure Kea. This is only a minor improvement, though, as root can always edit the local config file, kill the process and restart it. However, this is a much more intrusive process, so it would be much harder to hide in case of bad actor trying to plant unauthorized changes.
|
|
|
|
|
|
- Is there **SSL support for DB connections**?
|
|
|
- Is there **SSL/TLS support for DB connections**?
|
|
|
|
|
|
Not in the official Kea distribution at the moment. There are two community contributed patches on Github for MySQL and Cassandra.
|
|
|
|
... | ... | |
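Review bot: the retitled question on the changed line now says "SSL/TLS support for DB connections", but the unchanged answer under it still reads "Not in the official Kea distribution at the moment" with no version or date, so a reader cannot tell which releases that statement covers. Suggest pinning it to a release the way the HTTP authentication text in the hunk header does ("As of Kea 1.9.3, ..."), and linking the two community patches for MySQL and Cassandra instead of only mentioning them, with a note that they are not part of the official distribution. Minor: "Github" in the answer should be "GitHub".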