On jue, 19 sep 2024, Gert Doering escribió:
Hi,
On Thu, Sep 19, 2024 at 09:30:58AM +0000, Rodolfo García Peñas (kix) wrote:
Regarding Tore's point about the use of passwords at LIR level, I think it is better for LIRs to have an identification of which user is doing the modification. In fact, there has been an effort to eliminate generic users in the LIR portal. However, the alternative of creating API keys at LIR level offers an easy migration alternative and leaves it up to the LIR to use them.
please re-read what Tore wrote. You can not have *automated* updates fail because a *person* left the LIR in question.
Hi Gert, I was thinking that certain users would not be personal users, but specific users for these actions. Something like auto-dbm@ripe.net. These users could have a mailbox associated with them, e.g. for change notifications etc. But I understand that this could be something that depends on each LIR and that the option suggested by Tore could be correct. On the other hand, a LIR may have multiple systems for updating database information, so if authentication is implemented at the LIR level, it would be advisable to allow multiple keys.
Tying automated updates to a specific person account is not a robust way to automate things. So I second the wish to be able to create API keys that are tied to a LIR account, but not to a person.
Many UNIX daemons and other operating systems are associated with non-personal accounts. This is the same idea. kix -- I asked him once how to change the key bindings and Dave said: 'You use the Change Configuration command. On Unix it is abbreviated as cc.' Dave Conroy and Lawrence Stewart.