Just for some clarity...

Since the OpenSRS system contains all contact information for the domain
(and shows via whois), AND the Administrative contact has access to alter
ANY information for the domain (Billing, DNS, what have you) by default, we
have "Management Profiles" for each domain (either singularly, or in
profiles).

If you wish to maintain the default workings with OpenSRS, each domain needs
a username/password.  Then, when modifying domains you set a cookie using
reg_username/reg_password, then use that Cookie for each subsequent
modification (cookies expire hourly, methinks - fyi).

Looking at manage.cgi gives you an idea of how this would work ideally.

Charles Daminato
Product Manager (ccTLDs)
Tucows Inc. - [EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Ian Kirk
> Sent: February 24, 2001 12:42 PM
> To: Chuck Hatcher
> Cc: [EMAIL PROTECTED]
> Subject: RE: Dumb Question
>
>
> I am using XML_Client.pm directly.
>
> My understanding was (and correct me if I'm wrong, please!) that
> to perform the MODIFY action, a cookie is needed.
>
> And to SET a COOKIE a reg_username and reg_password was needed ?
>
> -----Original Message-----
> From: Chuck Hatcher [mailto:[EMAIL PROTECTED]]
> Sent: 24 February 2001 16:47
> To: Ian Kirk
> Cc: [EMAIL PROTECTED]
> Subject: Re: Dumb Question
>
>
> The OpenSRS system doesn't enforce this, it's just the way the provided
> client software works.  The client scripts supplied by OpenSRS are generic,
> and are designed to work in the typical situation in which the end-user
> controls the login information for their domain names.
>
> If your model is different, such as if you want to hold the username and
> password for all the domain names your customers register, then you will
> need to modify the scripts to do authentication differently.  Some RSP's
> have done this, and their customers can only make modifications through
> them.
>
> In this case, you would probably want to be the administrative contact for
> all the domains.
>
> ----- Original Message -----
> From: "Ian Kirk" <[EMAIL PROTECTED]>
> To: "OpenSRS Dev List" <[EMAIL PROTECTED]>
> Sent: Saturday, February 24, 2001 11:21 AM
> Subject: Dumb Question
>
>
> > Hi,
> >
> > Perhaps it's a dumb question, but why does the OpenSRS system enforce
> > a requirement of a username and password for each domain?
> > (Or one shared over a number of domains for the same end-user).
> >
> > Other DNS systems, such as Nominet[1], make it the responsibility
> > of the member to handle authentication on who can and who can't modify
> > a domain registered by the member.
> > The end-user only gets involved when the member is not doing anything or
> > the legal owner is being changed etc.
> >
> > It's fair enough if you want to allow end-users to modify domains, but
> > that might not be what a "complete solution" entails.
> >
> > One example is a hosting company that registers and pays for the
> > domains on behalf of its end users (setting the owner to that end-user).
> > Now say that the hosting company doesn't record the username/password
> > that the end-user has registered with OpenSRS for a domain. Then assume
> > the hosting company wishes to change all of the nameservers for all of
> > its domains.
> >
> > Can it do this without knowing the username/password for the end-user ?
> >
> > If not, surely that may be an issue ?
> >
> > --
> > Ian Kirk
> > [EMAIL PROTECTED]
> >
> > [1] www.nic.uk
>
