On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
> Well, most of my issues are gone with adding auth cache. However, I
> am having an issue. Sometimes, even though cache incorrect passwords
> is disabled,

Do you mean auth_cache_negative_ttl=0 by this? It only affects "user not found" caching.

> new passwords do not work. It would seem that once a
> user logs in with one password successfully the cache does not
> automatically retry if the user tries a different password. I would
> think that the auth cache should check to see if the password changed
> on the ldap server if something other than the cached password is
> entered. Is this something wrong with my configuration, or the auth code itself?

The way it should work is that:
- User logs in with password X which succeeds.
- Password is changed to Y.
- User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup, see that the password was changed and cache it.
But this can also happen:
- User logs in with password X which succeeds.
- Password is changed to Y.
- User logs in with password X, which succeeds.
Or:
- User logs in with password X which succeeds.
- User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth succeeded, so it'll do an auth lookup and see that the password wasn't changed.
- Password is changed to Y.
- User logs in with password Y. Dovecot sees that X != Y, but it sees that the previous auth failed, so it doesn't bother doing another lookup.
Can you consistently make Dovecot behave differently than described above?
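
The three sequences above, replayed against a small Python model of the described cache decision. This is an added example, not part of the original message and not Dovecot's code; the class, the `run` helper and the user name are hypothetical, and cache expiry is not modelled.

```python
class AuthCacheModel:
    """Toy model of the cache decision described in the reply above.
    Not Dovecot source; cache expiry (TTL) is not modelled."""

    def __init__(self, backend):
        self.backend = backend   # user -> current password (stands in for LDAP)
        self.cache = {}          # user -> [cached password, last attempt succeeded]
        self.lookups = 0         # number of real backend lookups performed

    def _lookup(self, user, password):
        self.lookups += 1
        return self.backend.get(user) == password

    def login(self, user, password):
        entry = self.cache.get(user)
        if entry is None:                      # nothing cached: ask the backend
            ok = self._lookup(user, password)
            if ok:
                self.cache[user] = [password, True]
            return ok
        if password == entry[0]:               # cache hit: backend is not consulted
            return True                        # (assumption: flag left unchanged)
        if not entry[1]:                       # mismatch after a failed attempt:
            return False                       # rejected without another lookup
        ok = self._lookup(user, password)      # mismatch after a success: re-check
        if ok:
            entry[0] = password                # password was changed; cache new one
        entry[1] = ok
        return ok


def run(steps, user="alice", initial="X"):
    """Replay ("login", pw) / ("change", pw) steps; return (results, lookups)."""
    backend = {user: initial}
    model = AuthCacheModel(backend)
    results = []
    for action, pw in steps:
        if action == "change":
            backend[user] = pw
        else:
            results.append(model.login(user, pw))
    return results, model.lookups


# Constructed sequences matching the three cases in the message.
CASE_1 = [("login", "X"), ("change", "Y"), ("login", "Y")]
CASE_2 = [("login", "X"), ("change", "Y"), ("login", "X")]
CASE_3 = [("login", "X"), ("login", "Y"), ("change", "Y"), ("login", "Y")]
```

In the second case the old password is accepted from the cache with no backend lookup, and in the third the new password is rejected without one.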