On Thu, 2003-03-20 at 17:27, Charlie Brady wrote:
Privilege separation is a very good thing. Is there any more detailed documentation of how you have done yours than http://dovecot.procontrol.fi/doc/design.txt?
Not really. And I'm not really sure how I could get it more detailed? :) I think that tells the most relevant things.
I guess I asked the wrong question. I shouldn't have asked "how" - I should have asked "why have you done it that way?". The system you have seems over complex. Simple solutions (if they work correctly) are always better.
It's mostly about running things with least required privileges. I don't think it's really complex either, only thing that makes it more complex is IPC.
The current way also makes it possible to having long running auth and login processes. Especially long running auth process can give much higher performance since it doesn't have to keep reconnecting to LDAP or SQL server, or keep reopening and reparsing some passwd files every time a user logs in.