-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Running Dovecot 1.1.3 and after dovecot has been running for awhile it will just stop authenticating. Only fix is to stop and restart dovecot. Here is the errors in the logs:
ct 4 09:34:32 goku dovecot: [ID 107833 mail.info] auth-worker(default): pam(KVogel22,74.125.78.25): lookup service=dovecot Oct 4 09:34:32 goku dovecot: [ID 107833 mail.error] auth-worker(default): pam(KVogel22,74.125.78.25): pam_authenticate() failed: Dlopen failure Oct 4 09:34:32 goku dovecot: [ID 107833 mail.info] auth-worker(default): passwd(KVogel22,74.125.78.25): lookup Oct 4 09:34:32 goku dovecot: [ID 107833 mail.info] auth-worker(default): passwd(KVogel22,74.125.78.25): Password mismatch
./dovecot -n # 1.1.3: /userM/mail-services/dovecot/etc/dovecot.conf Warning: fd limit 256 is lower than what Dovecot can use under full load (more than 3072). Either grow the limit or change login_max_processes_count and max_mail_processes settings base_dir: /userM/mail-services/dovecot/var/run/dovecot/ protocols: imap imaps pop3 pop3s ssl_cert_file: /userM/mail-services/dovecot/etc/ssl/dovecot.pem ssl_key_file: /userM/mail-services/dovecot/etc/ssl/privkey.pem ssl_parameters_regenerate: 0 ssl_cipher_list: MEDIUM:!LOW disable_plaintext_auth: no login_dir: /userM/mail-services/dovecot/var/run/dovecot/login login_executable(default): /userM/mail-services/dovecot/libexec/dovecot/imap-login login_executable(imap): /userM/mail-services/dovecot/libexec/dovecot/imap-login login_executable(pop3): /userM/mail-services/dovecot/libexec/dovecot/pop3-login login_greeting: Cyrus ready. login_max_processes_count: 1024 max_mail_processes: 1024 mail_location: mbox:~/:INBOX=/userM/mail/%u mail_debug: yes mmap_disable: yes mail_nfs_index: yes mbox_write_locks: fcntl dotlock mbox_dotlock_change_timeout: 60 mail_executable(default): /userM/mail-services/dovecot/libexec/dovecot/imap mail_executable(imap): /userM/mail-services/dovecot/libexec/dovecot/imap mail_executable(pop3): /userM/mail-services/dovecot/libexec/dovecot/pop3 mail_plugin_dir(default): /userM/mail-services/dovecot/lib/dovecot/imap mail_plugin_dir(imap): /userM/mail-services/dovecot/lib/dovecot/imap mail_plugin_dir(pop3): /userM/mail-services/dovecot/lib/dovecot/pop3 auth default: mechanisms: plain login verbose: yes debug: yes worker_max_count: 1024 passdb: driver: pam passdb: driver: passwd args: blocking=yes userdb: driver: passwd args: blocking=yes socket: type: listen client: path: /var/lib/postfix/private/auth mode: 438 user: postfix group: postfix master: path: /userM/mail-services/dovecot/var/run/dovecot//auth-master mode: 384
C. J. Keist Email: cj.keist@colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI55GTA29OFr7C6jcRAl6pAKCeGIUZYrJFlPSLdjjlb6ytN0mZXwCg2NUg 5wQl6r89l/sjo2mdbwPa+DQ= =4p14 -----END PGP SIGNATURE-----
On Oct 4, 2008, at 6:53 PM, CJ Keist wrote:
auth-worker(default): pam(KVogel22,74.125.78.25): pam_authenticate() failed: Dlopen failure
Set this to non-zero:
# Number of auth requests to handle before destroying the process.
This may
# be useful if PAM plugins leak memory.
#auth_worker_max_request_count = 0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Timo, Thanks. Is there a good rule of thumb of what value I should put in for this? The http://wiki.dovecot.org/MainConfig doesn't talk about this config parameter.
Timo Sirainen wrote:
On Oct 4, 2008, at 6:53 PM, CJ Keist wrote:
auth-worker(default): pam(KVogel22,74.125.78.25): pam_authenticate() failed: Dlopen failure
Set this to non-zero:
# Number of auth requests to handle before destroying the process. This may # be useful if PAM plugins leak memory. #auth_worker_max_request_count = 0
C. J. Keist Email: cj.keist@colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI6iZ0A29OFr7C6jcRApjXAJ9nQcMME2VttCPZBKDb+xeuAZSS5gCdGP6s 8SePZ/SSK62qjgzYd8hbhzE= =viEr -----END PGP SIGNATURE-----
On Mon, 2008-10-06 at 08:53 -0600, CJ Keist wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Timo, Thanks. Is there a good rule of thumb of what value I should put in for this?
The lower it is, the more CPU Dovecot uses by restarting the dovecot-auth processes. But if it's too large, you'll get these failures. So I don't know, try 1000?
The http://wiki.dovecot.org/MainConfig doesn't talk about this config parameter.
That's generated from dovecot-example.conf. Looks like I forgot to update it to be generated from v1.1, changed now. Wonder how I'd remember to do the same thing after v1.2.0 is released. :)
Timo Sirainen wrote:
On Oct 4, 2008, at 6:53 PM, CJ Keist wrote:
auth-worker(default): pam(KVogel22,74.125.78.25): pam_authenticate() failed: Dlopen failure
Set this to non-zero:
# Number of auth requests to handle before destroying the process. This may # be useful if PAM plugins leak memory. #auth_worker_max_request_count = 0
C. J. Keist Email: cj.keist@colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI6iZ0A29OFr7C6jcRApjXAJ9nQcMME2VttCPZBKDb+xeuAZSS5gCdGP6s 8SePZ/SSK62qjgzYd8hbhzE= =viEr -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Timo, Thank you for updating the MainConfig web page.
This is what I decided to put in for that value. Currently dovecot runs about 4 days before it starts to fail authenticating users. I did a quick count on how many times auth-worker is called to authenticate a user, I'm averaging about 50K times a day (M-F). So I'm putting in 20,000 for the "auth_worker_max_request_count" so that it only restarts the dovecot-auth process 2 or 3 times each day. If anyone else has better suggestions for this value, I'd would love to hear it.
Timo Sirainen wrote:
On Mon, 2008-10-06 at 08:53 -0600, CJ Keist wrote: Timo, Thanks. Is there a good rule of thumb of what value I should put in for this?
The lower it is, the more CPU Dovecot uses by restarting the dovecot-auth processes. But if it's too large, you'll get these failures. So I don't know, try 1000?
The http://wiki.dovecot.org/MainConfig doesn't talk about this config parameter.
That's generated from dovecot-example.conf. Looks like I forgot to update it to be generated from v1.1, changed now. Wonder how I'd remember to do the same thing after v1.2.0 is released. :)
Timo Sirainen wrote:
On Oct 4, 2008, at 6:53 PM, CJ Keist wrote:
auth-worker(default): pam(KVogel22,74.125.78.25): pam_authenticate() failed: Dlopen failure Set this to non-zero:
# Number of auth requests to handle before destroying the process. This may # be useful if PAM plugins leak memory. #auth_worker_max_request_count = 0
C. J. Keist Email: cj.keist@colostate.edu UNIX/Network Manager Phone: 970-491-0630 Engineering Network Services Fax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness' -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFI6kB2A29OFr7C6jcRAnPnAKCCfc2cC1f8/rJBoeQNRcF7WvzPBACg0gX5 vFMPu2Fk57E1DS39ouDgDVw= =5U6P -----END PGP SIGNATURE-----
participants (2)
-
CJ Keist
-
Timo Sirainen