[Dovecot] Auth Issues - Urgent - Help!
Timo Sirainen
tss at iki.fi
Fri Nov 21 21:38:51 EET 2008
On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
> Well, most of my issues are gone with adding auth cache. However, I
> am having an issue. Sometimes, even though cache incorrect passwords
> is disabled,
Do you mean auth_cache_negative_ttl=0 by this? It only affects "user not
found" caching.
> new passwords do not work. It would seem that once a
> user logs in with one password successfully the cache does not
> automatically retry if the user tries a different passwords. I would
> think that the auth cache should check to see if the password changed
> on the ldap server if something other than the cached password is
> entered.
>
> Is this something wrong with my configuraiton, or the auth code itself?
The way it should work is that:
1) User logs in with password X which succeeds.
2) Password is changed to Y.
3) User logs in with password Y. Dovecot sees that X != Y, but it sees
that the previous auth succeeded, so it'll do an auth lookup, sees that
the password was changed and caches it.
But this can also happen:
1) User logs in with password X which succeeds.
2) Password is changed to Y.
3) User logs in with password X, which succeeds.
Or:
1) User logs in with password X which succeeds.
2) User logs in with password Y. Dovecot sees that X != Y, but it sees
that the previous auth succeeded, so it'll do an auth lookup and sees
that the password wasn't changed.
3) Password is changed to Y.
4) User logs in with password Y. Dovecot sees that X != Y, but it sees
that the previous auth failed, so it doesn't bother doing another
lookup.
Can you consistently make Dovecot behave differently as described above?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20081121/c7f2f1ce/attachment.bin
More information about the dovecot
mailing list