Yes, there will still be an OpenSRS user name and password for each domain
profile. Whether each domain will be in a separate profile, or all in one,
or segregated by customer is entirely up to your own design. In any case,
your system will need to set a cookie in order to transact with OpenSRS, but
the login information used does not have to be the same as that used by your
customer to authenticate with you.
----- Original Message -----
From: "Ian Kirk" <[EMAIL PROTECTED]>
To: "Chuck Hatcher" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Saturday, February 24, 2001 12:41 PM
Subject: RE: Dumb Question
> I am using XML_Client.pm directly.
>
> My understanding was (and correct me if i'm wrong, please!) that
> to perform the MODIFY action, a cookie is needed.
>
> And to SET a COOKIE a reg_username and reg_password was needed ?
>
> -----Original Message-----
> From: Chuck Hatcher [mailto:[EMAIL PROTECTED]]
> Sent: 24 February 2001 16:47
> To: Ian Kirk
> Cc: [EMAIL PROTECTED]
> Subject: Re: Dumb Question
>
>
> The OpenSRS system doesn't enforce this, it's just the way the provided
> client software works. The client scripts supplied by OpenSRS are
generic,
> and are designed to work in typical situation in which the end-user
controls
> the login information for their domain names.
>
> If your model is different, such as if you want to hold the username and
> password for all the domain names your customers register, then you will
> need to modify the scripts to do authentication differently. Some RSP's
> have done this, and their customers can only make modifications through
> them.
>
> In this case, you would probably want to be the administrative contact for
> all the domains.
>
> ----- Original Message -----
> From: "Ian Kirk" <[EMAIL PROTECTED]>
> To: "OpenSRS Dev List" <[EMAIL PROTECTED]>
> Sent: Saturday, February 24, 2001 11:21 AM
> Subject: Dumb Question
>
>
> > Hi,
> >
> > Perhaps its a dumb question, but why does the OpenSRS system enforce
> > a requirement of a username and password for each domain?
> > (Or one shared over a number of domains for the same end-user).
> >
> > Other DNS systems, such as Nominet[1], make it the responsibility
> > of the member to handle authentication on who can and who can't modify
> > a domain registered by the member.
> > The end-user only gets invovled when the member is not doing anything or
> > the legal owner is being changed etc.
> >
> > Its fair enough if you want to allow end-users to modify domains, but
> > that might not be what a "complete solution" entails.
> >
> > One example is a hosting company that registers and pays for the
> > domains on behalf of its end users (setting the owner to that end-user).
> > Now say that the hosting company dosen't record the username/password
> > that the end-user has registered with OpenSRS for a domain. Then assume
> > the hosting company wishes to change all of the nameservers for all of
> > its domains.
> >
> > Can it do this without knowing the username/password for the end-user ?
> >
> > If not, surely that may be an issue ?
> >
> > --
> > Ian Kirk
> > [EMAIL PROTECTED]
> >
> > [1] www.nic.uk
