allowplaintext: no and aggregates

Andrew Morgan morgan at
Fri Dec 6 14:44:37 EST 2013

On Fri, 6 Dec 2013, sofkam wrote:

> We are running a murder aggregate:
>        Front-end db
>        Three front-end servers
>        One back end server
> Starting next year we are no longer permitting unencrypted connections
> (long time coming).  Our supported authentication mechanisms are:
>      sasl_mech_list: PLAIN LOGIN
> When I change allowplaintext to "no", will the back-end and front-end
> servers be able to communicate with each other?  Or, do I need
> to add an additional non-plain authentication mechanism?  Will the
> db-server require plain-text logins?

Good question...  My backend servers are still allowing plaintext logins, 
and all the proxy connections from the frontends are using plaintext.  My 
frontends have allowplaintext:0.

I suppose I could try this in my test environment...

Actually, it looks like my test environment has allowplaintext:0 
everywhere, and connections from the frontends use PLAIN+TLS.  Now I just 
need to put this in place in my production environment too!


More information about the Info-cyrus mailing list