[Dovecot] Authentication cache, failure to login after changed password
Tom Sommer
mail at tomsommer.dk
Tue Jun 16 11:01:26 EEST 2009
Timo Sirainen wrote:
> On Sun, 2009-05-17 at 21:09 +0200, Tom Sommer wrote:
>
>> Timo Sirainen wrote:
>>
>>>> The cache seems to be faulty somehow, I wish there was a way to dump the
>>>> contents of the cache to debug this, because somehow I cannot forcefully
>>>> reproduce it.
>>>>
>>>>
>>> Here's a way:
>>>
>>> 1. Try to log in unsuccessfully.
>>> 2. Change the password.
>>> 3. Try to log in with the changed password -> doesn't work, because the
>>> old one is still cached.
>>>
>>>
>> If the auth is unsuccessful (cache mismatch), the cache should then go
>> for a lookup in the passdb, correct?
>>
> Only when the previous authentication was successful.
>
>>> # TTL for negative hits (user not found). 0 disables caching them completely.
>>> #auth_cache_negative_ttl = 3600
>>>
>>> I suppose there could be a new setting to use auth cache only for
>>> successful lookups..
>>>
>>>
>> I don't understand why it would cache negative lookups if I set
>> negative_ttl to 0, even if the setting isn't supposed to work that way
>> currently, it should.
>>
>
> Hmm. Maybe.
>
This is still a rather big support issue for us. We have customers who
are essentially blocked from their accounts because of the above auth
cache "functionality". Is this something you are willing to look at?
It's getting old to have to restart Dovecot when it happens :)
Thanks a lot
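
The three reproduction steps and the "only when the previous authentication was successful" rule from the thread, as an added Python model that is not part of the original messages and is not Dovecot's code. `AuthCache`, `recheck_on_mismatch` and `reproduce` are hypothetical names, and a dict of plain-text passwords stands in for the real passdb.

```python
import hmac
import time

def _same(a, b):
    # Constant-time comparison; a is None when the user does not exist.
    return a is not None and hmac.compare_digest(a.encode(), b.encode())

class AuthCache:
    """Toy model of the caching behaviour described in the thread (not Dovecot code)."""

    def __init__(self, passdb, ttl=3600, recheck_on_mismatch=False, clock=time.monotonic):
        self.passdb = passdb      # dict user -> password, stands in for the real passdb
        self.ttl = ttl            # cache entry lifetime in seconds
        self.recheck_on_mismatch = recheck_on_mismatch  # hypothetical switch
        self.clock = clock
        self.entries = {}         # user -> [cached password, last_success, stored_at]
        self.passdb_lookups = 0

    def _lookup(self, user, password):
        # Ask the passdb and cache what it returned, success or not.
        self.passdb_lookups += 1
        real = self.passdb.get(user)
        ok = _same(real, password)
        self.entries[user] = [real, ok, self.clock()]
        return ok

    def login(self, user, password):
        entry = self.entries.get(user)
        if entry is None or self.clock() - entry[2] >= self.ttl:
            return self._lookup(user, password)
        if _same(entry[0], password):
            entry[1] = True
            return True
        # Mismatch: the passdb is consulted only if the previous attempt
        # succeeded, unless the hypothetical switch forces a recheck.
        if entry[1] or self.recheck_on_mismatch:
            return self._lookup(user, password)
        return False              # failure answered from the stale entry

def reproduce(recheck_on_mismatch, clock=time.monotonic):
    passdb = {"alice": "old-secret"}                 # constructed sample data
    cache = AuthCache(passdb, recheck_on_mismatch=recheck_on_mismatch, clock=clock)
    first = cache.login("alice", "typo")             # 1. unsuccessful login
    passdb["alice"] = "new-secret"                   # 2. password changed
    second = cache.login("alice", "new-secret")      # 3. login with new password
    return first, second, cache.passdb_lookups, cache
```

With the switch on, every wrong password reaches the passdb, so the cache no longer absorbs repeated failed attempts.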