sync_authname usability

Wesley Craig wes at
Wed Jul 14 13:45:12 EDT 2010

On 05 Jul 2010, at 07:51, Rudy Gevaert wrote:
> However if you are running replica's and masters on the same server  
> (of different instances) you'll have your sync_password on the  
> server in plain text.  And thus the possibility of getting it  
> abused (only on the replica).
> However, if you want to be able to failback, and you'll need to add  
> your syncuser to the admins of the master server.
> In the end, your are just easier and better of in using one user  
> for replication and admin.
> However I like to possibility to have a different user for  
> replication.
> It would maybe be nice to have some more privilege separation  
> between the replication and admin users.  E.g. the replication user  
> don't have to be in the admin list.   Wouldn't it?

Would more privilege separation actually improve the security model  
in the cases above?


More information about the Cyrus-devel mailing list