[Pdns-users] Question about logging changes

Michael Ströder michael at stroeder.com
Tue Nov 28 17:25:43 UTC 2017


Dirk Bartley wrote:
> You could log the who of who is logged into the database, but if the database
> connection is done from a front end, it would always be the users the front end
> connects to the database as.  But if you have a front end, just manage it by who
> is logged into the Front end.

Depends on the frontend. If it lets the user impersonate as personal
user account on the DB connection you get the real who.

It would be nice if the PowerDNS API would have a config option like
"connect-as-user" to avoid using a hard-coded API password/key. In this
case you could also let the database backend enforce access control even
for API requests.

Ciao, Michael.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3829 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20171128/b39f4b8d/attachment.bin>


More information about the Pdns-users mailing list