Ahh Peter, good call on this one!
<beating head into desk><pause><beating head into desk again><thumbs up>
So after playing around with the order of authentication in Dovecot, you are correct, the PAM timeout was causing the holdup. I guess since PAM has no way of looking up whether or not a user exists prior to authenticating, this is causing the hiccup, versus LDAP which can search for a user’s existence prior to the auth. Switching these around, I notice almost *no* degradation in performance for PAM authentications, and the LDAP authentications run smooth as I would hope them to.
Awesome, so now we have our solution! (I think.)
Gotta say, a lot of love goes out to the Dovecot community (especially Timo!) for all the inspiration and help that I’ve received. Dovecot is a great app and this community is the backbone of it all. Cheers to all!
Thanks again.
~ Laz Peterson Paravis, LLC Ph: 951.319.3240 x201
On Jul 2, 2015, at 6:25 AM, Laz C. Peterson laz@paravis.net wrote:
Peter,
Yes that is a possibility. I will try disabling PAM (or switching the auth order) and see if that makes a difference. Thanks for the suggestion!
~ Laz Peterson Paravis, LLC Ph: 951.319.3240 x201
On Jul 1, 2015, at 11:34 PM, Peter Chiochetti pch@myzel.net wrote:
Am 2015-07-02 um 01:41 schrieb Laz C. Peterson:
I did attempt to switch the PAM/Kerberos authentication to Dovecot LDAP authentication, but now performance is unbelievably slow. Any thoughts to this?
In case you have multiple passdb backends, it could be, that LDAP only gets its chance, after PAM did time out.
-- peter