allowplaintext: no and aggregates
Dan White
dwhite at olp.net
Fri Dec 6 14:53:04 EST 2013
On 12/06/13 14:04 -0500, sofkam wrote:
>We are running a murder aggregate:
>
> Front-end db
> Three front-end servers
> One back end server
>
>Starting next year we are no longer permitting unencrypted connections
>(long time coming). Our supported authentication mechanisms are:
>
> sasl_mech_list: PLAIN LOGIN
>
>When I change allowplaintext to "no", will the back-end and front-end
>servers be able to communicate with each other? Or, do I need
>to add an additional non-plain authentication mechanism? Will the
>db-server require plain-text logins?
Enabling TLS should allow plaintext logins even where allowplaintext is set
to no. You could also enable sasldb or another auxprop plugin, use a shared
secret mechanism such as digest-md5, for your server to server
communications. However, if you enable a shared secret mechanism on a
frontend server, or a backend server (if you allow clients to connect
directly to one), you will likely see authentication failures from clients
attempting digest-md5 auth, unless those users exist within your auxprop
database.
--
Dan White
More information about the Info-cyrus
mailing list