[Dovecot] Removing specific entry in user/auth cache
Timo Sirainen
tss at iki.fi
Thu Jun 28 09:43:49 EEST 2012
On Wed, 2012-06-27 at 19:08 -0700, Joseph Tam wrote:
> > I dont known about Angel, but for me is useful because sometimes i need to
> > deactivate smtp/imap/pop access from accounts, or change their home after
> > storage migration, and removing a specific record i can use a long time
> > cache.
>
> I'm not sure that the auth cache holds that information,
userdb lookups are also cached.
> but I think you
> can at least invalidate a particular auth cache entry by
>
> 1) Changing the user password (and save the previous hash)
> 2) Authenticate using the new credentials (and invalidate
> the auth cache entry). For example, you can just
> do a manual connection on your dovecot server
>
> x login someuser newpassword
>
> This will replace the cache entry with a new one.
>
> 3) When you are ready to put the account back online, change the
> password back to the original. A password mismatch forces
> a resync to your authentication system which will restore
> the auth cache.
This works for passdb cache, but not for userdb cache.
It would be possible to add a doveadm command for this.. I think the
main reason why I already didn't do it last time I was asked this was
because I wanted to use "doveadm auth cache flush" or something similar
as the command, but there already exists "doveadm auth" command and
"cache flush" would be treated as username=cache password=flush :(
Anyone have thoughts on a better doveadm command name? Or should I just
break it and have v2.2 use "doveadm auth check" or something for the old
"doveadm auth" command?
More information about the dovecot
mailing list