On 22 Jan 2009, at 12:31, Ian Batten wrote:

> With my private network hat on, I have a requirement to secure
> replication. I have one machine in a data centre which runs 2.3.13 on
> Solaris 10. I've recently brought up an Open Solaris machine at home,
> similarly running 2.3.13, with a static IP number and an appropriate
> hole in the firewall to run replication. Which is all good, but I'm
> not at all sure how good my ISP is at preventing Bad People from
> mis-using IP numbers, so I'd like to require the sync_server to offer a
> certificate to prove its good will to the sync_client. I assume I can
> do it, but what are the options?

If the sync_server isn't allowed to accept clear text passwords and is configured to provide certificates, you should be all set.

sync_server supports STARTTLS with the same routines as everything else, sync_client is using the same backend_connect() routine that everything else uses. It should "Just Work".

:wes

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
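The two conditions named in the reply (no clear text passwords, certificates configured) can be checked on the sync_server host by reading its imapd.conf. The following is an added example, not code from the thread or from the Cyrus project; it assumes the standard `allowplaintext`, `tls_cert_file` and `tls_key_file` options, treats a missing `allowplaintext` as enabled (a conservative assumption), and uses constructed sample configs with placeholder paths.

```python
# Added example: audit imapd.conf text for the two conditions in the reply.
TRUE_WORDS = {"1", "yes", "on", "t", "true"}  # boolean spellings treated as "on"

# Constructed samples, not taken from the thread; paths are placeholders.
SAMPLE_WEAK = """\
configdirectory: /var/imap
allowplaintext: yes
"""
SAMPLE_OK = """\
configdirectory: /var/imap
# replication peer must use STARTTLS before authenticating
allowplaintext: no
tls_cert_file: /etc/ssl/example/replica.pem
tls_key_file: /etc/ssl/example/replica.key
"""

def parse_conf(text):
    """Parse 'option: value' lines, skipping blanks and '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts

def audit(text, plaintext_default=True):
    """Return a list of findings; an empty list means both conditions hold."""
    opts = parse_conf(text)
    findings = []
    if "allowplaintext" in opts:
        plaintext = opts["allowplaintext"].lower() in TRUE_WORDS
    else:
        plaintext = plaintext_default  # assumption: unset counts as enabled
    if plaintext:
        findings.append("allowplaintext is on: clear text passwords accepted")
    for key in ("tls_cert_file", "tls_key_file"):
        # "disabled" is treated the same as unset (TLS switched off)
        if opts.get(key, "").lower() in ("", "disabled"):
            findings.append(key + " is not set: no certificate can be offered")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit(conf) or "both conditions hold")
```

This only checks what the server is configured to offer; it says nothing about how the sync_client side validates the certificate it receives.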