[Dovecot] auth processes

[Timo Sirainen]

On Thu, 2010-02-18 at 12:47 -0600, Stan Hoeppner wrote:
> > Are you using passwd/pam combination? The second process is "auth
> > worker", which does blocking passdb/userdb lookups. The v1.0 behavior
> > was causing bugs.
> 
> Yep:
> auth default:
>   worker_max_count: 1
>   process_size: 16
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
> 
> If this is what the worker does, what does the "master" do?

With v1.0 each PAM lookup caused dovecot-auth to fork a new process,
which then did the PAM stuff and then exited. With v1.1+ the auth worker
process does this so that there's no need for the forking (that caused
problems with some nss/pam combinations).

So dovecot-auth master gets the actual auth requests and starts handling
them. When it needs to do a blocking passdb/userdb lookup, it connects
to auth worker, which then does the actual (potentially long running)
lookup. If you've enough load, more auth worker processes are created as
necessary.

Hmm. You could try setting auth_worker_max_request_count=1 to see if
that gets rid of the processes after they've handled the request.

> > Currently there's no way to avoid that, except if you switch from PAM to
> > e.g. shadow. v2.0 stops idling processes after a minute (but there are a
> > some other new long running processes, and also it looks like that
> > idle-stopping isn't currently working for some reason).
> 
> IIRC both dovecot-auth processes are staying resident even with no clients
> connected.

Yes, only v2.0 has the idle-stopping feature.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20100218/9872e3b6/attachment.bin