Using SASL/GSSAPI to authenticate peers for replication would potentially make things simpler as it will not require to create and distribute passwords and potentially even remove the requirement to configure SSL certs as GSSAPI also provides encryption. It would also make it possible to more easily rekey services regularly for additional security in future.
NOTE: this investigation is blocked by this DS bug: https://bugzilla.redhat.com/show_bug.cgi?id=525822
The DS bug has been solved and using GSSAPI for replication has been tested manually as part of the resolution. Closing.
Metadata Update from @simo: - Issue assigned to simo - Issue set to the milestone: Tickets Deferred
Login to comment on this ticket.