Re: ITS#6475
<masarati@aero.polimi.it> wrote:
> > access to * attrs=cmusaslsecretOTP
> > by dn.regex="cn=replica,o=test" write stop
> > by * break
>
> This is orthogonal to the sasl auxprops discussion. It's a matter of
> properly configuring the authorizing identity in slapo-chain(5).
I pointed it out here for future reference because this is an unusual case.
I suspect everyone configures replicas with universal read-only access.
For this to work, the replica must also have write access to
cmusaslsecretOTP.
> > Another point: bind on the replica is impossible when the master is
> > down. I understand this is to prevent replaying the same OTP on multiple
> > replicas, but that defeats the purpose of setting up replicas for fail
> > over.
>
> This was clearly pointed out at the beginning of the discussion. You
> can't have both, it should be clear.
Yes, I understand that.
> Right now, cmusaslsecretOTP is hardcoded, because if the shadow copy is
> used, OTP breaks. If it is acceptable to have it broken, we can remove
> the hardcoding, and let admins decide whether they prefer fail-over over
> consistency. I'd have no doubt, and favor consistency.
When you talk about using the shadow copy, the modification will still
be sent to the master, right? Such a behavior allows replay attacks
within the modification propagation time frame, but it ensures that binds
are still possible when the master is down. I think it could be
interesting to have a configuration setting for that.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
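The following slapd.conf fragments are an added illustration of the point made in this message; they are not part of the thread and not OpenLDAP project configuration. They show the usual read-only replication ACL beside the variant that also grants the replication identity write access to cmusaslsecretOTP, plus a consumer that chains to the master as that identity. The DN cn=replica,o=test is taken from the quoted ACL; the provider URI, suffix, credentials and the chosen identity-assertion mode are assumptions for the example.

```conf
###########################################################################
# Master (provider) slapd.conf -- added example, not from the thread.
# Assumed: the consumer chains operations to this server and authenticates
# as cn=replica,o=test, the DN used in the quoted ACL.
###########################################################################

# Typical replication ACL: the replica identity can read everything and
# nothing else. With only this rule, an OTP bind chained from the consumer
# fails, because the mechanism must update cmusaslsecretOTP on each
# successful authentication and this identity has no write access.
#access to *
#    by dn.exact="cn=replica,o=test" read
#    by * break

# ACL that supports chained OTP binds: grant write on cmusaslsecretOTP to
# the replication identity before the general read-only rule. Other
# identities fall through to later rules, as in the quoted ACL.
access to attrs=cmusaslsecretOTP
    by dn.exact="cn=replica,o=test" write
    by * break

access to *
    by dn.exact="cn=replica,o=test" read
    by * break

###########################################################################
# Consumer (replica) slapd.conf -- added example, not from the thread.
# Assumed: suffix o=test, provider ldap://master.example.test, and a
# placeholder password; replace with real values.
###########################################################################
database        mdb
suffix          "o=test"

syncrepl        rid=001
                provider=ldap://master.example.test
                type=refreshAndPersist
                searchbase="o=test"
                bindmethod=simple
                binddn="cn=replica,o=test"
                credentials=secret

# Writes the read-only consumer cannot serve are referred to the master.
updateref       ldap://master.example.test

# slapo-chain follows that referral and performs the operation on the
# master as cn=replica,o=test, so the master's ACL above is what decides
# whether the cmusaslsecretOTP update succeeds.
# mode=none (assumed here): no proxied authorization, the operation runs
# as binddn itself rather than as the original client.
overlay         chain
chain-uri       "ldap://master.example.test"
chain-idassert-bind
                bindmethod=simple
                binddn="cn=replica,o=test"
                credentials=secret
                mode=none
chain-return-error TRUE
```

Note that this configuration keeps the consistency property discussed in the thread: the OTP state lives only on the master, so when the master is down the chained write fails and the bind is refused rather than risking the same OTP being accepted on two replicas.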