Dear list,
I want to share the following remarks concerning sync_user configuration
and usage.
In a setup where the master and replica are on different servers and you
don't mix master and replica's you can set up rather good security model.
master imapd.conf:
admin: cyrus
sync_authname: syncuser
replica: imapd.conf
admins: cyrus, syncuser
However if you are running replica's and masters on the same server (of
different instances) you'll have your sync_password on the server in
plain text. And thus the possibility of getting it abused (only on the
replica).
However, if you want to be able to failback, and you'll need to add your
syncuser to the admins of the master server.
In the end, your are just easier and better of in using one user for
replication and admin.
However I like to possibility to have a different user for replication.
It would maybe be nice to have some more privilege separation between
the replication and admin users. E.g. the replication user don't have
to be in the admin list. Wouldn't it?
I agree one could use some kind of password (Kerberos or md5 or ssl
certs.) less authentication, but that adds extra complexity if you don't
have (had) that already running.
Kind regards,
Rudy
