22 Jul
2010
22 Jul
'10
6 p.m.
On Thu, 2010-07-22 at 15:43 +0100, Timo Sirainen wrote:
For local UNIX sockets that are 0600 root, the authentication wouldn't be necessary. It could internally check that if the listener socket has these permissions, it would just announce that doveadm is already authenticated.
Or slightly better: It's preauthenticated if the socket is 0600 and its user matches service doveadm { user }. So if only a single UID is used for all users, there's no need to start doveadm as root or to authenticate if both the brain and workers start with same UID.