Hello,

I'm having a problem with with password changing. According to
http://wiki2.dovecot.org/Authentication/Caching, I understand "normal
scenario" and "Using old cached password scenario", but I'm having a
problem with the "Early change scenario".

I understand that in this case, if in step 4 user tries password Y,
then this password is not tried again and login fails. But if the user
tries another password Z, then is it test it? Or does it directly
fail? I think that it is directly failing.

And here is my problem... I am using dovecot with a ldap backend
and another pam backend. The first one is users connecting with an
email client. The other one applies when the ldap backend fails and it
is use for connections from our webmail, which is integrated in our
CAS SSO environment (it has running an imap proxy too). Sometimes (the
only scenari we were able to reproduce is with users that for some
reason has two SSO sessions opened) dovecot receives an invalid CAS
ticket, then authentication fails, and no newer tickets are tried
until cache is clean. That's why I think that in this scenario another
Z password is even tried.

Any idea?

-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 868888337