[Dovecot] Blocking auth services
Hi,
I'm writing a passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket.
The connection to the daemon is 1 request at a time and thus blocking (unlike passdb-ldap), but the daemon is preforking, so it can handle more connections at a time.
I read from the Wiki: http://wiki2.dovecot.org/Design/AuthProcess
"The authentication may begin new authentication requests even before the existing ones are finished.", and
"If the passdb uses connections to external services, it's preferred that they use non-blocking connections. Dovecot does this whenever possible (PostgreSQL and LDAP for example). If it's not possible, set blocking = TRUE."
... which tells me to set the module as blocking and let more auth worker processes do the work - creating 1 daemon process for each auth worker process, I guess.
But I also have the option to let the passdb/userdb plugin maintain a pool of used/idle connections to the daemon and just pick an idle connection and move it to the used pool on each auth_request. Which would save me the auth worker processes.
Is there a preferred Dovecot way?
/Peter
On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote:
> I'm writing a passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket.
> The connection to the daemon is 1 request at a time and thus blocking (unlike passdb-ldap), but the daemon is preforking, so it can handle more connections at a time.
You're talking to it via UNIX socket, so you can talk to it with non-blocking sockets.
> But I also have the option to let the passdb/userdb plugin maintain a pool of used/idle connections to the daemon and just pick an idle connection and move it to the used pool on each auth_request. Which would save me the auth worker processes.
This would be more efficient. (I wonder if you could make your external daemon talk auth-worker protocol and Dovecot would do this pooling automatically by thinking it's talking to its own workers?)
On 2011-08-14 22:56, Timo Sirainen wrote:
> On Mon, 2011-08-08 at 14:04 +0200, Peter Mogensen wrote:
>> I'm writing a passdb/userdb plugin to authenticate against an external daemon listening on a UNIX socket.
>> The connection to the daemon is 1 request at a time and thus blocking (unlike passdb-ldap), but the daemon is preforking, so it can handle more connections at a time.
> You're talking to it via UNIX socket, so you can talk to it with non-blocking sockets.
Yes... but a single connection can still only handle one request at a time. It's not the socket that is blocking - it's the server end of the connection.
>> But I also have the option to let the passdb/userdb plugin maintain a pool of used/idle connections to the daemon and just pick an idle connection and move it to the used pool on each auth_request. Which would save me the auth worker processes.
> This would be more efficient. (I wonder if you could make your external daemon talk auth-worker protocol and Dovecot would do this pooling automatically by thinking it's talking to its own workers?)
We actually considered replacing the entire dovecot-auth process with a re-write of the daemon, which we had done with courier. But the courier-auth process is simpler, so we decided to go for a plugin to dovecot-auth.
/Peter
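The used/idle connection pool discussed in this thread, written as stand-alone C for a daemon that serves one request per connection. This is an added example, not code from Dovecot or from either poster; `struct pool`, `pool_acquire`, `pool_release` and `POOL_MAX` are hypothetical names, and it does not use Dovecot's passdb API.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define POOL_MAX 2 /* hypothetical cap; size it to the daemon's prefork count */
struct conn { int fd; int busy; };
struct pool { struct sockaddr_un sa; struct conn c[POOL_MAX]; int n; };

/* Connect, then go non-blocking so replies are awaited in the event loop. */
static int pool_connect(const struct sockaddr_un *sa)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (const struct sockaddr *)sa, sizeof(*sa)) < 0 ||
        fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Take an idle connection, or open a new one below the cap. NULL means every
   connection has a request in flight (or connect failed): queue the request. */
struct conn *pool_acquire(struct pool *p)
{
    for (int i = 0; i < p->n; i++)
        if (!p->c[i].busy) { p->c[i].busy = 1; return &p->c[i]; }
    int fd = p->n < POOL_MAX ? pool_connect(&p->sa) : -1;
    if (fd < 0) return NULL;
    p->c[p->n] = (struct conn){ .fd = fd, .busy = 1 };
    return &p->c[p->n++];
}

/* Call only after the daemon's reply has been read in full. */
void pool_release(struct conn *c) { c->busy = 0; }

/* Usage: ./pool /path/to/daemon.sock (socket path supplied by the caller). */
int main(int argc, char **argv)
{
    struct pool p = { .sa = { .sun_family = AF_UNIX } };
    if (argc != 2) return 2;
    strncpy(p.sa.sun_path, argv[1], sizeof(p.sa.sun_path) - 1);
    for (int i = 0; i <= POOL_MAX; i++)
        printf("request %d: %s\n", i, pool_acquire(&p) ? "got a connection" : "must queue");
    return 0;
}
```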
participants (2): Peter Mogensen, Timo Sirainen