[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL OTP and syncrepl

> IMO, OTP is inherently incompatible with replicas because a client can
> authenticate to each replica with what is intended to be a one time
> password.  The only way to preclude this is, as was basically suggested,
> is to chain it to the master such that each password can only be used one
> time.

I have an "easy" fix in this direction; however, I stumbled into another
issue: if slapo-chain(5) gets involved in an internal operation, it does
not honor custom callbacks registered for the internal operation, and
rather attempts to return the result to the caller.  As a consequence, I
need to address this issue first, before solving the original one.