On 12/06/13 14:04 -0500, sofkam wrote: >We are running a murder aggregate: > > Front-end db > Three front-end servers > One back end server > >Starting next year we are no longer permitting unencrypted connections >(long time coming). Our supported authentication mechanisms are: > > sasl_mech_list: PLAIN LOGIN > >When I change allowplaintext to "no", will the back-end and front-end >servers be able to communicate with each other? Or, do I need >to add an additional non-plain authentication mechanism? Will the >db-server require plain-text logins? Enabling TLS should allow plaintext logins even where allowplaintext is set to no. You could also enable sasldb or another auxprop plugin, use a shared secret mechanism such as digest-md5, for your server to server communications. However, if you enable a shared secret mechanism on a frontend server, or a backend server (if you allow clients to connect directly to one), you will likely see authentication failures from clients attempting digest-md5 auth, unless those users exist within your auxprop database. -- Dan White ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
