sync_authname usability
Wesley Craig
wes at umich.edu
Wed Jul 14 13:45:12 EDT 2010
On 05 Jul 2010, at 07:51, Rudy Gevaert wrote:
> However if you are running replica's and masters on the same server
> (of different instances) you'll have your sync_password on the
> server in plain text. And thus the possibility of getting it
> abused (only on the replica).
>
> However, if you want to be able to failback, and you'll need to add
> your syncuser to the admins of the master server.
>
> In the end, your are just easier and better of in using one user
> for replication and admin.
>
> However I like to possibility to have a different user for
> replication.
>
> It would maybe be nice to have some more privilege separation
> between the replication and admin users. E.g. the replication user
> don't have to be in the admin list. Wouldn't it?
Would more privilege separation actually improve the security model
in the cases above?
:wes
More information about the Cyrus-devel
mailing list