[dovecot] Re: Long running auth/login processes (was Re: Re: inetd/xinetd/tcpserver support)

Charlie Brady charlieb-dovecot at e-smith.com
Thu Mar 20 16:27:17 EET 2003


On 20 Mar 2003, Timo Sirainen wrote:

> On Thu, 2003-03-20 at 21:05, Charlie Brady wrote:
> > 
> > Why do you care about long running login processes?
> 
> That gives less amount of total running processes since you don't need
> extra one for handling SSL.

You need two processes per connection or you don't have adequate privilege 
separation. In my case, I have one acting either as a cleartext proxy or 
as an SSL wrapper, and the other does authentication and then execs the 
imap daemon. How would you avoid one 

> It also does SSL initialization only once, instead of once per
> connection. Sure, this could also be done by separate long running SSL
> process.

Yes, it would be nice to do SSL initialization once, but I don't think the 
performance issue is enough to compomise the security and reliabilty of 
the system for.

> Anyway, I don't really care much about it since it pretty much means
> that exploiting it gives access to connections of all users.

So you don't want to have a long running login process after all?

> > The long running auth process problem can be solved by using a unix domain
> > socket.  This is how Bruce Guenter's mailfront works. The authenticator 
> > runs long term, and listens to a socket (unix domain preferred, but there 
> > are other options). The login process is run from tcpserver, and gathers 
> > information from the client, and then connects to the authenticator and 
> > verified the information.
> 
> So, is it really much different from my design then? 

I don't know, but I'm trying to learn. You know your design and your code;  
I'm just feeling my way around. Your documentation is good in parts, but
there are still big gaps. The installation documentation only covers
building - I have yet to find anything which tells me how to execute
dovecot (have I missed it?). I'm not sure which processes run when, and
exactly what communication occurs between them over what communication
channels.

> Sounds like the
> only difference is that it runs login code as root and exec()s imap
> binary after login, where my code sends it through master process which
> forks new imap process.

I don't know exactly what "sent it through master process" means. 

I have a preference for running simple software which I already have
reason to trust.  This is why I want to use tcpserver, and why I have a 
leaning towards using mailfront and cvm. I know that stunnel isn't 
completely wonderful, but it is very widely used, and the chroot feature 
added by Scott Gifford fixes the principal weakness.

I am looking for a better IMAP daemon than I have at present, but I would 
prefer not to have a new system of authentication, and a new network 
connection monitor. There is a lot of new (to me) code in dovecot, but the 
only code of high value to me is the imap daemon itself.

I hope this explains my line of questioning to you a little.

--
Charlie





More information about the dovecot mailing list