Hi,
Perhaps its a dumb question, but why does the OpenSRS system enforce
a requirement of a username and password for each domain?
(Or one shared over a number of domains for the same end-user).
Other DNS systems, such as Nominet[1], make it the responsibility
of the member to handle authentication on who can and who can't modify
a domain registered by the member.
The end-user only gets invovled when the member is not doing anything or
the legal owner is being changed etc.
Its fair enough if you want to allow end-users to modify domains, but
that might not be what a "complete solution" entails.
One example is a hosting company that registers and pays for the
domains on behalf of its end users (setting the owner to that end-user).
Now say that the hosting company dosen't record the username/password
that the end-user has registered with OpenSRS for a domain. Then assume
the hosting company wishes to change all of the nameservers for all of
its domains.
Can it do this without knowing the username/password for the end-user ?
If not, surely that may be an issue ?
--
Ian Kirk
[EMAIL PROTECTED]
[1] www.nic.uk
