[Opendnssec-develop] Config question
Rickard Bondesson
rickard.bondesson at iis.se
Tue Aug 4 08:20:20 UTC 2009
> Hi -
>
> I've been looking at Pivotal issue 1018973. I have some
> questions regarding the system configuration - sorry if the
> answers are written down; I couldn't find them.
>
> Currently, the auditor uses zonelist.xml to find the
> <zone_config>.xml files for each zone, and do the auditing.
> This is apparently not good.
The path to the zonelist.xml should come from conf.xml, because zonelist.xml may be located somewhere other than the conf.xml directory.
> So, I can look at conf.xml, kasp.xml and zonelist.xml, and
> get most of the info from there. However, these files do not
> specify the salt - this is potentially added from the DB, and
> not stored anywhere other than <zone_config.xml>. So, I don't
> think it's possible to write the auditor without checking
> this file, unless the salt is queried directly from the DB.
>
> Should the auditor be checking the DB?
No
> Should the salt be stored somewhere the auditor can get it?
> Or should that be the only information lifted from <zone_config.xml>?
kasp.rnc says:
---
# The actual salt is generated by the Enforcer
# Note: the enforcer may decide to store the
# current salt in the DB and so it could be exported
# here.
xsd:string?
---
Is the Enforcer doing this? Then it should just be a matter of parsing the kasp.xml.
// Rickard