
Authentication options for maintainer objects

Authentication methods currently supported by the database are described below.

Important: At APNIC 16, a proposal was accepted to deprecate NONE as an auth method. On 5 April 2004, APNIC replaced the NONE authentication method in existing maintainer objects with CRYPT-PW. For more information, see prop-010-v001.

Authentication keyword

Description

CRYPT-PW

Stored in the auth attribute as a fixed encrypted password in UNIX crypt format.

This is a relatively weak form of authentication as a password can only be up to eight characters in length.

Advantages of this method include:

  • Ease of use.
  • Widely used method.

Disadvantages of this method include:

  • Database submissions must include the clear text password, which may be intercepted.
  • The encrypted form of the password is exposed in the maintainer object and may be subject to password guessing attacks.

To update your maintainer object to use CRYPT-PW, use the online APNIC Maintainer Object Request Form.

To authenticate changes to objects protected by maintainers using this method, the object must contain the pseudo-attribute password anywhere in the object in the format:

password: <clear-text-password>

Example:

password: seCret02

The pseudo-attribute cannot appear in mail headers and cannot continue over more than one line.

MD5

Stored in the auth attribute as a fixed encrypted password in UNIX md5 format.

This is a stronger form of authentication than CRYPT-PW as a password can be up to 65 characters in length.

Advantages of this method include:

  • Ease of use.
  • Widely used method.
  • The MD5 encrypted form of the password is stronger than CRYPT-PW if subjected to password guessing attacks.

Disadvantages of this method include:

  • Database submissions must include the clear text password, which may be intercepted.

To update your maintainer object to use MD5, use the online APNIC Maintainer Object Request Form.

To authenticate changes to objects protected by maintainers using this method, the object must contain the pseudo-attribute password anywhere in the object in the format:

password: <clear-text-password>

Example:

password: veR1SecretpaSsw0rD

The pseudo-attribute cannot appear in mail headers and cannot continue over more than one line.

PGPKEY

Stored in the auth attribute as a signature identity pointing to a public key certificate. The public key certificate is stored in a separate key-cert object.

To authenticate changes to objects protected by maintainers using this method, the submission must be signed by the corresponding private key.

Advantages of this method:

  • This is the strongest auth method currently available in the APNIC Whois Database.

To update your authentication method to PGPKEY, see PGP authentication and maintainer objects.
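The strength ordering described above can be checked across a set of maintainer objects. The following Python audit is an added example, not APNIC's own code: it reports the weakest auth method on each maintainer so that objects still relying on CRYPT-PW or MD5 can be moved to PGPKEY. It assumes that satisfying any one auth attribute authorises a change (so the weakest method governs), and that values appear as `CRYPT-PW <hash>`, `MD5` or `MD5-PW <hash>`, and `PGPKEY-<id>`; the maintainer names, hashes and key ID are constructed placeholders.

```python
import re

# Strength order taken from the page: CRYPT-PW is weak, MD5 is stronger,
# PGPKEY is the strongest. NONE was deprecated on 5 April 2004.
RANK = {"NONE": 0, "CRYPT-PW": 1, "MD5": 2, "PGPKEY": 3}

# Constructed sample objects; names, hashes and key ID are placeholders.
SAMPLE = """\
mntner:  MAINT-EXAMPLE-A
auth:    CRYPT-PW xxPLACEHOLDERx
auth:    PGPKEY-0123ABCD

mntner:  MAINT-EXAMPLE-B
auth:    MD5-PW $1$PLACEHLD$placeholderplaceholder

mntner:  MAINT-EXAMPLE-C
auth:    PGPKEY-0123ABCD
"""

def auth_method(value):
    """Map an auth attribute value to one of the page's keywords, or None."""
    parts = value.split()
    token = parts[0].upper() if parts else ""
    if token.startswith("PGPKEY"):
        return "PGPKEY"
    if token in ("MD5", "MD5-PW"):  # assumption: either spelling may appear
        return "MD5"
    return token if token in RANK else None

def audit(text):
    """Return {mntner: (weakest_method, methods_sorted_by_strength)}."""
    report = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        name, methods = None, []
        for line in block.splitlines():
            key, _, value = line.partition(":")
            key = key.strip().lower()
            if key == "mntner":
                name = value.strip()
            elif key == "auth" and auth_method(value.strip()):
                methods.append(auth_method(value.strip()))
        if name and methods:
            ordered = sorted(set(methods), key=RANK.get)
            report[name] = (ordered[0], ordered)
    return report

if __name__ == "__main__":
    for name, (weakest, methods) in audit(SAMPLE).items():
        flag = "REVIEW" if RANK[weakest] < RANK["PGPKEY"] else "ok"
        print(f"{name}: weakest={weakest} all={methods} [{flag}]")
```

MAINT-EXAMPLE-A is flagged even though it lists a PGPKEY, because the CRYPT-PW attribute beside it remains usable under the stated assumption.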
