[Dovecot] auth_cache multiple passwords ?
Timo Sirainen
tss at iki.fi
Mon Jun 22 07:57:17 EEST 2009
On Tue, 2009-06-16 at 14:06 +0200, Geoffroy Desvernay wrote:
> > The only usable solution I see is to disable negative auth caching and
> > use this patch from v1.2:
> > http://hg.dovecot.org/dovecot-1.2/rev/8a23ab43132a
> >
> Thank you !
>
> I compiled 1.1.16 with this patch (applied manually).
>
> If I understand what it does (I'm not sure at all), It just allow
> disabling negative caching of wrong passwords, but it doesn't allow to
> cache multiple passwords for one 'cache_key', am I right ?
Right.
> In my test-case, this patch allows the webmail to work, getting a new
> ticket for each IMAP connection (1 login failure then login success with
> a new ticket) in case of concurrent connections with a same login. (the
> last who clicks kicks out others from the cache)
>
> I think dovecot understands this as a 'password change', and this
> behaviour seems correct for all but this case :(
You did set auth_cache_negative_ttl=0, right? It should have worked
then, because whenever authentication from cache fails Dovecot ignores
whatever is in the cache and does another passdb lookup.
> How difficult would it be to keep cached more than one password by key ?
Way too difficult. But it's not necessary to get your system working.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090622/c2d55730/attachment.bin
More information about the dovecot
mailing list