[Dovecot] CRAM-MD5 authentication memory leak problem.
Kenji Tonami
tonami at designet.co.jp
Fri Jun 6 05:34:52 UTC 2014
I used dovecot Auth daemon for postfix SMTP Auth.
I saved clear password to OpenLDAP, then I set up that as the password
will be used.
There ware no trouble when authentication had sucessed. But when
authentication failed by using "CRAM-MD5", it caused increasing memory
allocation of dovecot auth daemon.
In case of using "PLAIN" or "LOGIN", there were no problem even if
authentication had failed.
I got same result on dovecot-2.0.9(RHEL6) and dovecot-2.2.13.
Does anyone know similar case?
I tried restarting dovecot Auth daemon by using service_count parameter
in service auth settings. When authentication failed, message on
postfix was as follows:
** 535 5.7.8 Error: authentication failed: "CRAM-MD5 string"
When authentication failed and restarting dovecot auth daemon at the
same time, message on postfix was changed as follows:
** 535 5.7.8 Error: authentication failed: Connection lost to
authentication server
It looks like that the failed authentication request is suspended by
restarting auth daemon.
-- config (10-auth.conf)
auth_mechanisms = plain login cram-md5
--
-- config (10-master.conf)
service auth {
executable = auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
}
--
-- auth-ldap.conf.ext
passdb {
driver = ldap
args = /etc/dovecot/ldap-passdb.conf.ext
}
--
-- ldap-passdb.conf.ext
host = xxx.xxx.xxx.xxx
dn = LDAP Manager DN
dnpass = Manager DN password
base = ou=mail,dc=xxxxxx,dc=xx
scope = subtree
pass_attrs = mailID=user,mailClearPassword=password
pass_filter = (mailID=%u)
auth_bind = no
default_pass_scheme = plain
--
Thanks.
--
Kenji Tonami
More information about the dovecot
mailing list