FastMail.FM patchset updated

Bron Gondwana brong at fastmail.fm
Fri Feb 23 06:39:45 EST 2007


On Thu, Feb 22, 2007 at 10:07:51PM +0000, Matt Bernstein wrote:
> At 16:00 -0500 Ken Murchison wrote:
> 
> >I still don't understand why the allow-plaintext-for-sync_client 
> >patch is needed.  Doesn't 'sync_server -p2' accomplish the same 
> >thing?
> 
> I was bitten by this today, and saw you mention this in another 
> thread. I don't know why, but although '-p2' made synctest work, 
> sync_client still seemed to insist on STARTTLS. Making a dummy 
> server cert "solved" the problem for me, but I'd rather use 
> DIGEST-MD5 auth and spare my CPU cycles for the sync processes.
> 
> Hope that's useful, sorry it wasn't any more scientific

Yeah, that sounds somewhat familiar.  I remember getting really
frustrated at it when I was first testing.  Along the lines of
"dammit, just let me tell you what I want or at least give me a
meaningful error message" and decided that the level of trust
that the sync process demanded for its connection wasn't really
sane given that all our servers have both-direction sync and the
password for all of them is "syncpasswd" or something similarly
exciting.  If someone can get on that network there's enough
other unprotected traffic flying around that the sync_client
password is going to be the least of our worries.

Bron.


More information about the Cyrus-devel mailing list