allowplaintext: no and aggregates
morgan at orst.edu
Fri Dec 6 14:44:37 EST 2013
On Fri, 6 Dec 2013, sofkam wrote:
> We are running a murder aggregate:
> Front-end db
> Three front-end servers
> One back end server
> Starting next year we are no longer permitting unencrypted connections
> (long time coming). Our supported authentication mechanisms are:
> sasl_mech_list: PLAIN LOGIN
> When I change allowplaintext to "no", will the back-end and front-end
> servers be able to communicate with each other? Or, do I need
> to add an additional non-plain authentication mechanism? Will the
> db-server require plain-text logins?
Good question... My backend servers are still allowing plaintext logins,
and all the proxy connections from the frontends are using plaintext. My
frontends have allowplaintext:0.
I suppose I could try this in my test environment...
Actually, it looks like my test environment has allowplaintext:0
everywhere, and connections from the frontends use PLAIN+TLS. Now I just
need to put this in place in my production environment too!
More information about the Info-cyrus