[Dovecot] Wrong credential caching

Timo Sirainen tss at iki.fi
Tue Jul 7 20:42:34 EEST 2009


On Tue, 2009-07-07 at 12:50 +0200, Ralf Hildebrandt wrote:
> Then I told him that he's supposed to use an "l" instead of "L" but:
> 
> Jul  7 12:42:01 postamt dovecot: imap-login: Login: user=<loser>, method=PLAIN, rip=10.47.64.227, lip=141.42.4.250, TLS

This is a successful login as "loser". This is logged only after
authentication, and I guess there should have been some auth lines
before that?

> Jul  7 12:42:02 postamt dovecot: auth(default): client in: ...
> Jul  7 12:42:02 postamt dovecot: auth(default): cache(Loser,10.47.64.227): hit: 
> Jul  7 12:42:02 postamt dovecot: auth(default): cache(Loser,10.47.64.227): User unknown
> Jul  7 12:42:02 postamt dovecot: auth(default): cache(Loser,10.47.64.227): hit: 
> Jul  7 12:42:02 postamt dovecot: auth(default): cache(Loser,10.47.64.227): User unknown
> Jul  7 12:43:50 postamt dovecot: imap-login: Disconnected (auth failed, 1 attempts): user=<Loser>, method=PLAIN, rip=10.47.64.227, lip=141.42.4.250, TLS: Disconnected

Here again it looks like the user is logging in a second later as
"Loser". Maybe the user has multiple clients? Or the client is just
messed up and used both.

> I think the auth cache may work case-insensitive, 

It's case-sensitive.

I also tried and couldn't reproduce the problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090707/5ced4df9/attachment.bin 


More information about the dovecot mailing list