[dovecot] Re: inetd/xinetd/tcpserver support

Timo Sirainen tss at iki.fi
Thu Mar 20 20:46:11 EET 2003


On Thu, 2003-03-20 at 17:27, Charlie Brady wrote:
> > > Privilege separation is a very good thing. Is there any more detailed 
> > > documentation of how you have done yours than 
> > > http://dovecot.procontrol.fi/doc/design.txt?
> > 
> > Not really. And I'm not really sure how I could get it more detailed? :)
> > I think that tells the most relevant things.
> 
> I guess I asked the wrong question. I shouldn't have asked "how" - I 
> should have asked "why have you done it that way?". The system you have 
> seems over complex. Simple solutions (if they work correctly) are always 
> better.

It's mostly about running things with least required privileges. I don't
think it's really complex either, only thing that makes it more complex
is IPC.

The current way also makes it possible to having long running auth and
login processes. Especially long running auth process can give much
higher performance since it doesn't have to keep reconnecting to LDAP or
SQL server, or keep reopening and reparsing some passwd files every time
a user logs in.




More information about the dovecot mailing list