[Dovecot] auth_cache multiple passwords ?

Timo Sirainen tss at iki.fi
Mon Jun 22 07:57:17 EEST 2009


On Tue, 2009-06-16 at 14:06 +0200, Geoffroy Desvernay wrote:
> > The only usable solution I see is to disable negative auth caching and
> > use this patch from v1.2:
> > http://hg.dovecot.org/dovecot-1.2/rev/8a23ab43132a
> > 
> Thank you !
> 
> I compiled 1.1.16 with this patch (applied manually).
> 
> If I understand what it does (I'm not sure at all), It just allow
> disabling negative caching of wrong passwords, but it doesn't allow to
> cache multiple passwords for one 'cache_key', am I right ?

Right.

> In my test-case, this patch allows the webmail to work, getting a new
> ticket for each IMAP connection (1 login failure then login success with
> a new ticket) in case of concurrent connections with a same login. (the
> last who clicks kicks out others from the cache)
> 
> I think dovecot understands this as a 'password change', and this
> behaviour seems correct for all but this case :(

You did set auth_cache_negative_ttl=0, right? It should have worked
then, because whenever authentication from cache fails Dovecot ignores
whatever is in the cache and does another passdb lookup.

> How difficult would it be to keep cached more than one password by key ?

Way too difficult. But it's not necessary to get your system working.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090622/c2d55730/attachment.bin 


More information about the dovecot mailing list