[Opendnssec-develop] Config question
sion at nominet.org.uk
sion at nominet.org.uk
Tue Aug 4 08:32:26 UTC 2009
> > Should the salt be stored somewhere the auditor can get it?
> > Or should that be the only information lifted from <zone_config.xml>?
>
> kasp.rnc says:
> - ---
> # The actual salt is generated by the Enforcer
> # Note: the enforcer may decide to store the
> # current salt in the DB and so it could be exported
> # here.
> xsd:string?
> - ---
>
> Is Enforcer doing this? Then it should just be to parse the kasp.xml
The enforcer doesn't write to the kasp.xml currently; might people monitor
this file for changes to make sure that no-one is altering their policy? Or
even revoke write permissions on it?
If neither of these is an issue then I can change the enforcer.
Sion
More information about the Opendnssec-develop
mailing list