Logging doesn't use the auth_request_log_*() calls like rest of
the Dovecot-auth. Now things like service name (imap, pop3, ..) or
remote IP address aren't logged.The debug logging probably could be enabled with auth_debug=yes
instead of a separate debug option. Although it seems like it's more
meant for developers with the __LINE__ and __FUNCTION__ strings and
things like refcounts which aren't useful for admins.The debug logging seems to be written mostly for developers. Are
they still even useful at that level (e.g. refcounts More admin- oriented debug logging (with auth_debug=yes) would also have been
helpful.The hardcoded maildir: and quota_rule stuff won't get in like
that. :) They'll have to be configurable somehow. Actually couldn't
the whole configuration have been just like with ldap db? (Or actually
the ldap config is a bit annoying, I was planning on making the user/ pass_attrs be configured a bit differently.)Passing in_od_info->mem_pool all around just seems to make the
code more confusing, since I doubt it's ever going to be anything else
than system_pool?CRAM-MD5 and APOP request/response handler stealing is pretty
evil, especially with the duplicated structs. I'm sure there's a
better way, although probably requires larger changes.There are a lot of imap/pop3 references. How would e.g.
managesieve work?I'd change several if + i_error() checks to just i_assert()s.