Hello,
there seems to be a bug in the authentication caching code when using it in combination with username_translation (using the current version 1.0.7 on FreeBSD 6).
I've set username_translation to +@:@ to allow usernames of the form test+dom.ain or test:dom.ain (historical reasons force us....).
If someone has a successful login using the username test@dom.ain, the subsequent authentication information is read from the cache, no matter which of the 3 possible usernames the client uses the next time.
But if someone has a successful login using the username test+dom.ain, the following data has or has not been found in the cache:
test+dom.ain: miss
test@dom.ain: miss
test:dom.ain: hit
If the first username is test:dom.ain the behaviour is the following:
test:dom.ain: miss
test@dom.ain: miss
test+dom.ain: hit
I've added the information if the username changes for better debugging possibilities. In practice the username is of course always the same.
The complete authentication part of the tested config:
auth default:
  cache_size: 10000
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@:+
  username_translation: +@:@
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /var/pop/%d/Accounts.passwd
  userdb:
    driver: static
    args: uid=70 gid=70 home=/var/emtpy
It looks as if Dovecot does some wrong username translations before inserting/looking up the data in the cache.
BTW: a SIGUSR2 signal to the dovecot-auth process does not give any information as suggested in http://wiki.dovecot.org/Authentication/Caching.
Please do not only answer to the list as I am not subscribed. Thanks.
-- 
Gruss / Best regards   | LF.net GmbH       | fon +49 711 90074-411
Matthias Waffenschmidt | Ruppmannstr. 27   | fax +49 711 90074-33
mw@LF.net              | D-70565 Stuttgart | http://www.lf.net
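
Added example, not part of the original message and not Dovecot's code: a toy model of the behaviour the report expects, where the cache key is the translated username so that all three spellings share one entry. The raw-key variant is included only for contrast and is not claimed to be what 1.0.7 does; the account and password are constructed sample data.

```python
import hmac

TRANSLATION = "+@:@"  # from the report: '+' -> '@', ':' -> '@'
VARIANTS = ["test@dom.ain", "test+dom.ain", "test:dom.ain"]
PASSDB = {"test@dom.ain": "s3cret"}  # constructed sample account


def translate(username, translation=TRANSLATION):
    """Apply from/to character pairs such as '+@:@' to a username."""
    if len(translation) % 2:
        raise ValueError("translation must consist of from/to pairs")
    table = dict(zip(translation[0::2], translation[1::2]))
    return "".join(table.get(ch, ch) for ch in username)


class AuthCache:
    """Toy model of an authentication cache (hypothetical, for illustration)."""

    def __init__(self, canonical_keys):
        self.canonical_keys = canonical_keys  # True: key on translated name
        self.entries = {}

    def login(self, username, password):
        """Return (authenticated, 'hit' or 'miss')."""
        canonical = translate(username)
        key = canonical if self.canonical_keys else username
        cached = self.entries.get(key)
        if cached is not None:
            return hmac.compare_digest(cached, password), "hit"
        stored = PASSDB.get(canonical)  # passdb always sees the translated name
        ok = stored is not None and hmac.compare_digest(stored, password)
        if ok:
            self.entries[key] = stored  # cache successful lookups only
        return ok, "miss"


def probe(first, canonical_keys):
    """Log in once as `first`, then report hit/miss for every spelling."""
    cache = AuthCache(canonical_keys)
    assert cache.login(first, "s3cret") == (True, "miss")
    return {name: cache.login(name, "s3cret")[1] for name in VARIANTS}


if __name__ == "__main__":
    for first in VARIANTS:
        print(first, "canonical:", probe(first, True), "raw:", probe(first, False))
```

Running the same three-spelling probe against a real server with auth debug logging enabled gives a direct comparison with the canonical-key column.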