Authentication options for mntner objects

Authentication methods currently supported by the database are described below.

Authentication keyword Description
CRYPT-PW Stored in the auth attribute as a fixed encrypted password in UNIX crypt format. This is a relatively weak form of authentication as a password can only be up to eight characters in length.

Advantages of this method include:

  • Ease of use
  • Widely spread method.

Disadvantages of this method include:

  • Database submissions must include the clear text password which may be intercepted
  • The encrypted form of the password is exposed in the maintainer object and may be subject to password guessing attacks.
MD5 Stored in the auth attribute as a fixed encrypted password in UNIX md5 format. This is a stronger form of authentication than CRYPT-PW as a password can be up to 65 characters in length.

Advantages of this method include:

  • Ease of use
  • Widely spread method
  • The MD5 encrypted form of the password is stronger than CRYPT-PW if subjected to password guessing attacks.

Disadvantages of this method include:

  • Database submissions must include the clear text password which may be intercepted.
To update your maintainer object to use MD5, please go to MyAPNIC.
PGPKEY Stored in the auth attribute as a signature identity pointing to a public key certificate. The public key certificate is stored in a separate key-cert object. To authenticate changes to objects protected
by maintainers using this method, the submission must be signed by the corresponding private key.Advantages of this method:

  • This is the strongest auth method currently available in the APNIC Whois Database
  • Users must learn PGP signing techniques. For more information, see: http://www.pgpi.org

 

To update your authentication method to PGPKEY, see:

PGP authentication and mntner objects

Back to mntner object