List:       info-cyrus
Subject:    Re: enforcing TLS certificates for replication
From:       Duncan Gibb <Duncan.Gibb () SiriusIT ! co ! uk>
Date:       2009-01-27 11:29:00
Message-ID: 497EEFFC.1090901 () SiriusIT ! co ! uk

Last week, Wesley Craig wrote:

IB> I have one machine in a data centre which runs 2.3.13
IB> [and a] machine at home, similarly running 2.3.13,
IB> with a static IP number and an appropriate hole in the
IB> firewall to run replication.  Which is all good, but
IB> I'm not at all sure how good my ISP is at preventing
IB> Bad People from mis-using IP numbers, so I'd like to
IB> require the sync_server to offer a certificate to prove
IB> its good will to the sync_client.

WC> If the sync_server isn't allowed to accept clear text
WC> passwords and is configured to provide certificates,
WC> you should be all set.
WC> [..] It should "Just Work".

If you want to try also using certificates to authenticate the client to
the server, you might like to look at my patch - thus far only tested
for traditional murder FE->BE and FE/BE->MUPDATE authentication:

  https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3133


Cheers


Duncan

-- 
Duncan Gibb, Technical Director
Sirius Corporation plc - The Open Source Experts
http://www.siriusit.co.uk/
Tel: +44 870 608 0063
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html