[Dovecot] Authentication cache, failure to login after changed password
Tom Sommer
mail at tomsommer.dk
Tue Jan 20 10:53:47 EET 2009
Timo Sirainen wrote:
> On Mon, 2009-01-05 at 14:33 +0100, Tom Sommer wrote:
>
>> Sorry to bump this, but I can still reproduce it - I have enabled
>> auth_debug now to attempt to provide some more details.
>>
>
> Actually enable auth_debug_passwords=yes. It then also logs what's seen
> in the cache entries.
>
dovecot: Jan 20 09:01:18 Info: auth(default):
cache(user at example.com,127.0.0.1): miss
dovecot: Jan 20 09:01:18 Info: auth-worker(default):
sql(user at example.com,127.0.0.1): query: SELECT username as user,
plainpassword as password, nopassword FROM cyrususers WHERE username =
'user at example.com' AND password = PASSWORD('SECRET') AND active = 1
dovecot: Jan 20 09:01:18 Info: auth-worker(default):
sql(user at example.com,127.0.0.1): unknown user
dovecot: Jan 20 09:01:20 Info: auth(default): client out: FAIL 1
user=user at example.com
dovecot: Jan 20 09:01:20 Info: imap-login: Disconnected (auth failed, 1
attempts): user=<user at example.com>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.2
dovecot: Jan 20 09:01:32 Info: auth(default):
cache(user at example.com,127.0.0.1): hit:
dovecot: Jan 20 09:01:32 Info: auth(default):
cache(user at example.com,127.0.0.1): User unknown
dovecot: Jan 20 09:01:34 Info: auth(default): client out: FAIL 1
user=user at example.com
It appears the user missed the cache, a SQL lookup is performed (which
returns 1 record, I tested the query directly) - however for some reason
the lookup is set as Unknown User, a state which it then keeps.
Obviously I can adjust this with auth_cache_negative_ttl, but I presumed
the default value was always 0
Setting auth_cache_negative_ttl = 0 now and awaiting results
--
Tom Sommer
More information about the dovecot
mailing list