Murder and Backend Authentication

Hank Beatty hbeatty.lists at earthlink.net
Sat Feb 1 15:33:39 EST 2003


I'm thinking that in my case this isn't necessarily a problem because the
clients will not be able to reach the back end servers so all communication
will have to be proxied.

Hank

----- Original Message -----
From: "Rob Siemborski" <rjs3 at andrew.cmu.edu>
To: "Ken Murchison" <ken at oceana.com>
Cc: "Hank Beatty" <hbeatty.lists at earthlink.net>; "Cyrus-Info"
<info-cyrus at lists.andrew.cmu.edu>
Sent: Friday, January 31, 2003 4:35 PM
Subject: Re: Murder and Backend Authentication


> On Fri, 31 Jan 2003, Ken Murchison wrote:
>
> > Like Rob said, just PLAIN, which will require you to use STARTTLS, which
> > is only in 2.2.  That being said, since you will likely only have one or
> > two proxy admins, you could just put them in sasldb2 and use DIGEST-MD5.
>
> This may break some clients, since they may then try to authenticate using
> DIGEST-MD5 to the backend (Say, via a referral), and then get upset when
> they can't.
>
> You really want a uniform authentication enviornment for the aggregator.
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
>





More information about the Info-cyrus mailing list