Just a quick thought: when we submit a registration for our customers, we
need to supply a reg_username and reg_password for the domain.
We are free to use whatever names/passes we want, but say I am an RSP who
offers ancillary services. I might like to use the username and pass that
my customer already has on my system.
However, say I store my customers' passwords encrypted, so I can't send
the "real" pass in plaintext to OpenSRS.
So, when submitting a domain registration, the current command is
something like:
{
protocol => "XCP",
action => "register",
object => "domain",
attributes => {
domain => "www.thefonz.com",
reg_username => "abcdef",
reg_password => "12345",
period => 2,
contact_set => {
...
}
nameserver_list => {
...
}
}
}
I'm wondering how OpenSRS stores these passwords on their system. If, for
instance, they are MD5-ed, then can I suggest the following change to the
OPS attributes. Instead of:
reg_username => "abcdef",
reg_password => "12345",
I can send either:
reg_username => "abcdef",
reg_password => "12345",
reg_passtype => "plaintext",
or
reg_username => "abcdef",
reg_password => "e10adc3949ba59abbe56e057f20f883e",
reg_passtype => "md5",
Of course, if OpenSRS is storing the passes in plaintext (for shame), then
this isn't possible. And if they are encrypted somehow (MD5, or crypt),
then the only two options are "plaintext" and whatever method OpenSRS
uses. i.e. if they store them MD5, then you can do:
reg_username => "abcdef",
reg_password => "i33yx6cNwkftI",
reg_passtype => "crypt",
This could apply to all OPS commands that need a reg_password (and
sub_user passwords too, I suppose)
Hopefully I've explained this well enough that you know what I'm talking
about. :) Any thoughts from the development team?
- Colin
