[Dovecot] Dovecot hanging up with many defunct processes
Troy Engel
tengel at fluid.com
Tue Oct 9 19:36:07 EEST 2007
Mayank Joshi wrote:
>
> passdb:
> driver: pam
> userdb:
> driver: passwd
> 4) Dovecot's PAM file (/etc/pam.d/dovecot)
> #%PAM-1.0
> auth required pam_ldap.so
> account required pam_ldap.so
> session required pam_mkhomedir.so skel=/etc/skel umask=0077
> session required pam_ldap.so
Our situation is similar (but not exact) to yours - I'm authenticating
against LDAP though and not AD2003. Perhaps one of these settings I use
may help:
dovecot.conf:
login_process_per_connection: no
auth default:
cache_size: 4096
cache_ttl: 7200
passdb:
driver: pam
args: cache_key=%u dovecot
userdb:
driver: passwd
args: blocking=yes
The blocking=yes in the userdb might be the first thing you try, see
these wiki pages for the reasons I have it like this:
http://wiki.dovecot.org/UserDatabase/NSS
http://wiki.dovecot.org/AuthDatabase/Passwd
Additionally my pam.d dovecot uses the system stack, which *then* uses
nss_ldap on it's own; I don't specifically bind pam_ldap into the
dovecot pam.d file:
# cat /etc/pam.d/dovecot
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
In this case the file /etc/nsswitch.conf is controlling my
authentication mechanism (LDAP), and the pam_ldap.so stack entry is
located in /etc/pam.d/system-auth (these are all Red Hat defaults out of
the box).
Hope some of this helps,
-te
--
Troy Engel | Systems Engineer
Fluid, Inc | http://www.fluid.com
More information about the dovecot
mailing list