On 3.12.2004, at 18:10, Kirill Miazine wrote:
Dovecot auth protocol 1.0 defines different command sets for client and master.
How can a daemon distinguish a master connection from a client connection? Clients do send CPID and master does not.
You should listen for client and master connections in separate sockets and make sure that only root user can connect to master socket (ie. socket is root/root 0600).
I have the following auth configuration:
auth external {
  socket connect {
    master {
      path = /var/state/dovecot/login/master-auth
Put the master-auth socket elsewhere, eg. /var/state/dovecot/master-auth and start listening for clients in eg. /var/state/dovecot/login/client-auth (login processes connect to all sockets in /var/state/dovecot/login/).
km@thinkpad:/home/km > ./krot/sbin/master.py
CPID : ['11915']
CPID : ['11915']
CPID : ['16652']
CPID : ['11915']
I guess each of these comes in a new connection? Remember that you have to keep separate state in each connection you get.
The protocol specification is mentioning a separate SERVICE command in the client's greeting.
Yes, if the service=POP3 was missing in AUTH command you'd get the service from there.
I can't let my daemon die if the master issues DIE. Why should a server exit when it receives DIE?
It's mostly useful when Dovecot master process wants to restart dovecot-auth, you don't need to do it. Actually dovecot-auth doesn't do it either yet.
Can anybody provide an example dialog of an authentication request that is successful and a request that fails because of a bad password?
Um. I'm a bit lazy now :) Add some logging into dovecot-auth, src/auth/auth-client-connection.c.
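
Added example, not part of the original message and not Dovecot's own code: a sketch of the socket layout and per-connection state discussed in this thread, for an external auth daemon written in Python. The names `Conn`, `listen`, `open_listeners` and `accept` are hypothetical, and the tab-separated, newline-terminated framing and the 0660 mode on the client socket are assumptions. Root ownership of the master socket follows from running the daemon as root, so no chown is shown.

```python
import os
import socket

class Conn:
    """State for one accepted connection. The role comes from the listening
    socket the peer connected to, never from anything the peer sends."""
    def __init__(self, role):
        self.role, self.cpid, self.buf = role, None, b""

    def feed(self, data):
        """Buffer bytes and handle each complete line; returns commands seen."""
        self.buf += data
        seen = []
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            cmd, *args = line.decode("ascii", "replace").split("\t")  # assumed framing
            if cmd == "CPID" and self.role == "client" and args:
                self.cpid = args[0]
            # DIE is only meaningful on the master socket, and this daemon
            # chooses to keep running, so it is recorded and otherwise ignored.
            seen.append(cmd)
        return seen

def listen(path, mode):
    """Bind a Unix stream socket at path with the given permission bits."""
    if os.path.exists(path):
        os.unlink(path)
    old = os.umask(0o177)  # create as 0600 first: no window with wider access
    try:
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.bind(path)
    finally:
        os.umask(old)
    os.chmod(path, mode)
    sock.listen(8)
    return sock

def open_listeners(base):
    """Master socket outside login/, client socket inside it (layout from the thread)."""
    os.makedirs(os.path.join(base, "login"), exist_ok=True)
    return {
        "master": listen(os.path.join(base, "master-auth"), 0o600),
        "client": listen(os.path.join(base, "login", "client-auth"), 0o660),  # assumed mode
    }

def accept(listeners, role):
    """Accept one pending connection and give it its own state object."""
    sock, _ = listeners[role].accept()
    return sock, Conn(role)
```

Because the role is fixed at accept time, a CPID line arriving on the master socket is never treated as a client greeting, and two login processes sending different CPIDs end up in two separate `Conn` objects.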