Plain text password between frontend and backend

Ken Murchison murch at
Thu Dec 15 08:18:35 EST 2005

Ramya Krishnan wrote:
> Michael Loftis wrote:
>> -nodes IIRC
>> --On December 15, 2005 12:43:53 PM +0530 Ramya Krishnan 
>> <ramya_krishnan at> wrote:
>>> Ken Murchison wrote:
>>> Because the frontends proxy as the user to the backend, the IMAP LOGIN
>>> command can not be used.  The only plaintext SASL mechanism that can be
>>> used is PLAIN, but you can't use it unless protected by TLS.  Looking at
>>> the CAPABILITY output above, it doesn't look like you've configured TLS.
>>> You might also be able to fake this by running imapd on the backends 
>>> with
>>> the '-p 2' option.
>>> 1. I have 2 backend servers and one proxy-cum/mupdate server. The
>>> password comes as clear text over the network (unsafe) to proxy. Then I
>>> am forced to use TLS between the backend and frontend servers... This
>>> network is safe and i dun want the overhead of ssl... Is there a way to
>>> overcome this
> Do I have to use TLS for communication between the front-end and backend 
> servers??

You have to use a SASL mechanism which allows proxy authentication 

How can your frontend/backend network be considered safe, when you have 
to allow clients to be able to access backends directly (for referrals)?

Kenneth Murchison
Systems Programmer
Carnegie Mellon University

More information about the Info-cyrus mailing list