[Dovecot] Authentication cache, failure to login after changed password

Timo Sirainen tss at iki.fi
Sun May 17 21:51:12 EEST 2009


On Fri, 2009-05-15 at 09:29 +0200, Tom Sommer wrote:
> I'm sorry, but I still have problems with this. I got cache_size 1024,
> cache_ttl 3600, cache_negative_ttl 0, but if a user changes password in
> my SQL, sometimes it requires a restart of dovecot for him to be able to
> log in. 

You can always send SIGHUP to dovecot-auth instead of restart to flush
auth cache.

> The cache seems to be faulty somehow, I wish there was a way to dump the
> contents of the cache to debug this, because somehow I cannot forcefully
> reproduce it.

Here's a way:

1. Try to log in unsuccessfully.
2. Change the password.
3. Try to log in with the changed password -> doesn't work, because the
old one is still cached.

> Notice in this case the user never before logged in successfully, so I
> dont understand why he would even be in the cache, unless there is
> something wrong with cache_negative_ttl.

You're misunderstanding what it does. See its description:

# TTL for negative hits (user not found). 0 disables caching them completely.
#auth_cache_negative_ttl = 3600

I suppose there could be a new setting to use auth cache only for
successful lookups..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090517/d7f9d36b/attachment.bin 


More information about the dovecot mailing list