On Fri, 6 Dec 2013, sofkam wrote: > We are running a murder aggregate: > > Front-end db > Three front-end servers > One back end server > > Starting next year we are no longer permitting unencrypted connections > (long time coming). Our supported authentication mechanisms are: > > sasl_mech_list: PLAIN LOGIN > > When I change allowplaintext to "no", will the back-end and front-end > servers be able to communicate with each other? Or, do I need > to add an additional non-plain authentication mechanism? Will the > db-server require plain-text logins? Good question... My backend servers are still allowing plaintext logins, and all the proxy connections from the frontends are using plaintext. My frontends have allowplaintext:0. I suppose I could try this in my test environment... Actually, it looks like my test environment has allowplaintext:0 everywhere, and connections from the frontends use PLAIN+TLS. Now I just need to put this in place in my production environment too! Andy ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
