Michael Loftis wrote:
I guess that's what CRAM-MD5 is for, but the frontend refuses to talk to
the backend if it is presented with CRAM-MD5 only. Is there any way to do
this or I am doing something really wrong? :)
See earlier in this thread. It's not at all possible in stock Cyrus.
You have to patch it to allow that. I've got one for older versions of
cyrus, 2.1.17 ish, but they'll need cleanup. Thanks to Henrique de
Moraes Holscuh who provided me with them.
Really? I've been reading the source code and looks like these are the
options for the mechanisim in the communication between the frontends
and backends, at least what I have been able to understand:
* DIGEST-MD5. It's secure and send all the data afterwards encrypted.
* Cram-MD5. It's secure and send the data in the clear. But it doesn't
work on backend-frontend because it is not able to do proxying.
* Login. It's not secure and does not support proxying.
* Plain. It's not secure but it is able to do proxying. But, it needs to
be sent under an extra security layer. So, it requires TLS to be enabled.
So, the thing is that when you have referrals disabled and you are going
to have all backends in a private network, looks like it's a waste of
resources to be encrypting the data transferred between back and frontends.
Anyway, I am now testing a pacth to cyrus where TLS has been disabled
only when using PLAIN between the components of a murder system.
--
Jesus Roncero <jesus@xxxxxxxxxxxxx>
System Developer
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
