[Dovecot] Removing specific entry in user/auth cache

Timo Sirainen tss at iki.fi
Thu Jun 28 09:43:49 EEST 2012


On Wed, 2012-06-27 at 19:08 -0700, Joseph Tam wrote:
> > I dont known about Angel, but for me is useful because sometimes i need to
> > deactivate smtp/imap/pop access from accounts, or change their home after
> > storage migration, and removing a specific record i can use a long time
> > cache.
> 
> I'm not sure that the auth cache holds that information, 

userdb lookups are also cached.

> but I think you
> can at least invalidate a particular auth cache entry by
> 
>  	1) Changing the user password (and save the previous hash)
>  	2) Authenticate using the new credentials (and invalidate
>  		the auth cache entry).  For example, you can just
>  		do a manual connection on your dovecot server
> 
>  			x login someuser newpassword
> 
>  		This will replace the cache entry with a new one.
> 
>  	3) When you are ready to put the account back online, change the
>  		password back to the original.  A password mismatch forces
>  		a resync to your authentication system which will restore
>  		the auth cache.

This works for passdb cache, but not for userdb cache.

It would be possible to add a doveadm command for this.. I think the
main reason why I already didn't do it last time I was asked this was
because I wanted to use "doveadm auth cache flush" or something similar
as the command, but there already exists "doveadm auth" command and
"cache flush" would be treated as username=cache password=flush :(

Anyone have thoughts on a better doveadm command name? Or should I just
break it and have v2.2 use "doveadm auth check" or something for the old
"doveadm auth" command?



More information about the dovecot mailing list