On November 20, 2006 1:53:59 PM -0800 Frank Cusack fcusack@fcusack.com wrote:
> Here is my first go at fixing it. It almost works.
> - cache is initialized correctly
> - user password is cached correctly until ttl expires
> Once the ttl expires, dovecot attempts to use the cached password to authenticate. This fails in my environment. Then (after trying PAM with the cached password, even though ttl has expired) dovecot prompts the user for the password; however, it never sends the request to PAM.
> Some combination of waiting and trying again gets it working again; I haven't quite figured that one out. Might be waiting for the ttl expiry on the second (failed) request.
> I think the after-ttl-expiry problems are due to a broken cache implementation, not really a problem with my patch. But maybe I need to do something to clear the cache? I didn't see anything like that in passdb-passwd.c.
Nope, it was my fault.
a) I was saving the user's entered password in the cache, not the correct password as known to PAM
b) I didn't need to save it explicitly, this is done already. Saving it explicitly was refreshing the cache (with the wrong password), I think.
Here is a simpler patch which just initializes default_pass_scheme. Also I removed the code which allows changing of the username ... since that code runs in the child and does nothing AFAICT. Maybe that part of my patch is broken though.
works for me ...
-frank