[dovecot] Re: Long running auth/login processes (was Re: Re: inetd/xinetd/tcpserver support)
Charlie Brady
charlieb-dovecot at e-smith.com
Thu Mar 20 23:27:17 EET 2003
On 20 Mar 2003, Timo Sirainen wrote:
> On Thu, 2003-03-20 at 21:05, Charlie Brady wrote:
> >
> > Why do you care about long running login processes?
>
> That gives less amount of total running processes since you don't need
> extra one for handling SSL.
You need two processes per connection or you don't have adequate privilege
separation. In my case, I have one acting either as a cleartext proxy or
as an SSL wrapper, and the other does authentication and then execs the
imap daemon. How would you avoid one
> It also does SSL initialization only once, instead of once per
> connection. Sure, this could also be done by separate long running SSL
> process.
Yes, it would be nice to do SSL initialization once, but I don't think the
performance issue is enough to compomise the security and reliabilty of
the system for.
> Anyway, I don't really care much about it since it pretty much means
> that exploiting it gives access to connections of all users.
So you don't want to have a long running login process after all?
> > The long running auth process problem can be solved by using a unix domain
> > socket. This is how Bruce Guenter's mailfront works. The authenticator
> > runs long term, and listens to a socket (unix domain preferred, but there
> > are other options). The login process is run from tcpserver, and gathers
> > information from the client, and then connects to the authenticator and
> > verified the information.
>
> So, is it really much different from my design then?
I don't know, but I'm trying to learn. You know your design and your code;
I'm just feeling my way around. Your documentation is good in parts, but
there are still big gaps. The installation documentation only covers
building - I have yet to find anything which tells me how to execute
dovecot (have I missed it?). I'm not sure which processes run when, and
exactly what communication occurs between them over what communication
channels.
> Sounds like the
> only difference is that it runs login code as root and exec()s imap
> binary after login, where my code sends it through master process which
> forks new imap process.
I don't know exactly what "sent it through master process" means.
I have a preference for running simple software which I already have
reason to trust. This is why I want to use tcpserver, and why I have a
leaning towards using mailfront and cvm. I know that stunnel isn't
completely wonderful, but it is very widely used, and the chroot feature
added by Scott Gifford fixes the principal weakness.
I am looking for a better IMAP daemon than I have at present, but I would
prefer not to have a new system of authentication, and a new network
connection monitor. There is a lot of new (to me) code in dovecot, but the
only code of high value to me is the imap daemon itself.
I hope this explains my line of questioning to you a little.
--
Charlie
More information about the dovecot
mailing list