On Sun, 2007-03-11 at 09:51 -0700, Troy Engel wrote:
I think dP alluded to this question earlier but I'm not sure if I see a response -- the default setting for login procs is:
I think I replied with http://wiki.dovecot.org/LoginProcess
...with all the notes about security ans so forth. The question is though what's a best recommended practice for efficiency and speed? What I'm wondering is that most clients like ThunderBird spawns multiple threads, which cause multiple logins. Typically 3-5 per user on TBird.
So would it be correct to say that 50 people logged in at once would have ~150 login-auth procs running in order to get work done?
Right.
At what point is a small tradeoff in security worth the recovery of CPU and process space?
You can decide that. :) I don't think the login processes take all that much memory. As for CPU usage it looks like my machine can handle about 130 logins/second with login_process_per_connection=yes and 1200/sec with =no. You can try that yourself with my imaptest tool (see the mail I wrote last night) with parameters "- select=0".
If one login proc is already running for the first thread 'user=tengel', do the subsequent threads re-use that same proc instead of launching another?
No. One process per connection. There's really no way to know what user is logging in before he does it. Of course it could maybe be possible to move the SSL proxying to another login process of the same user, but that's probably a bit too much trouble.