Dovecot auth username mapping

Laz C. Peterson laz at paravis.net
Thu Jul 2 15:07:04 UTC 2015


Ahh Peter, good call on this one!

<beating head into desk><pause><beating head into desk again><thumbs up>

So after playing around with the order of authentication in Dovecot, you are correct, the PAM timeout was causing the holdup.  I guess since PAM has no way of looking up whether or not a user exists prior to authenticating, this is causing the hiccup, versus LDAP which can search for a user’s existence prior to the auth.  Switching these around, I notice almost *no* degradation in performance for PAM authentications, and the LDAP authentications run smooth as I would hope them to.

Awesome, so now we have our solution!  (I think.)

Gotta say, a lot of love goes out to the Dovecot community (especially Timo!) for all the inspiration and help that I’ve received.  Dovecot is a great app and this community is the backbone of it all.  Cheers to all!

Thanks again.

~ Laz Peterson
Paravis, LLC
Ph: 951.319.3240 x201

> On Jul 2, 2015, at 6:25 AM, Laz C. Peterson <laz at paravis.net> wrote:
> 
> Peter,
> 
> Yes that is a possibility.  I will try disabling PAM (or switching the auth order) and see if that makes a difference.  Thanks for the suggestion!
> 
> ~ Laz Peterson
> Paravis, LLC
> Ph: 951.319.3240 x201
> 
>> On Jul 1, 2015, at 11:34 PM, Peter Chiochetti <pch at myzel.net> wrote:
>> 
>> Am 2015-07-02 um 01:41 schrieb Laz C. Peterson:
>>> 
>>> I did attempt to switch the PAM/Kerberos authentication to Dovecot
>>> LDAP authentication, but now performance is unbelievably slow.
>>> Any thoughts to this?
>> 
>> In case you have multiple passdb backends, it could be, that LDAP only gets its chance, after PAM did time out.
>> 
>> 
>> -- 
>> peter



More information about the dovecot mailing list