Plain text password between frontend and backend
murch at andrew.cmu.edu
Thu Dec 15 08:18:35 EST 2005
Ramya Krishnan wrote:
> Michael Loftis wrote:
>> -nodes IIRC
>> --On December 15, 2005 12:43:53 PM +0530 Ramya Krishnan
>> <ramya_krishnan at sifycorp.com> wrote:
>>> Ken Murchison wrote:
>>> Because the frontends proxy as the user to the backend, the IMAP LOGIN
>>> command can not be used. The only plaintext SASL mechanism that can be
>>> used is PLAIN, but you can't use it unless protected by TLS. Looking at
>>> the CAPABILITY output above, it doesn't look like you've configured TLS.
>>> You might also be able to fake this by running imapd on the backends
>>> the '-p 2' option.
>>> 1. I have 2 backend servers and one proxy-cum/mupdate server. The
>>> password comes as clear text over the network (unsafe) to proxy. Then I
>>> am forced to use TLS between the backend and frontend servers... This
>>> network is safe and i dun want the overhead of ssl... Is there a way to
>>> overcome this
> Do I have to use TLS for communication between the front-end and backend
You have to use a SASL mechanism which allows proxy authentication
(PLAIN, DIGEST-MD5, KERBEROS).
How can your frontend/backend network be considered safe, when you have
to allow clients to be able to access backends directly (for referrals)?
Carnegie Mellon University
More information about the Info-cyrus