On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote:
CRAM-MD5 works sometimes: Sep 30 08:15:43 imap-login: Info: Login: user=userA@domain.com, method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301
but (seemingly more frequently) the authentication fails: Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1 attempts): user=userA@domain.com, method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14
My problem was indeed with the password caching. I changed cache_key=%u to cache_key=%u%r and that cleared things up.
I expect that this is only a problem when different client programs use different login mechanisms, which was the case with this particular group of users.
Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just happens to work around the real problem, which might still be there but just less frequent.. Logs with auth_debug=yes could have been helpful in figuring this out.