Slow auth

Laz C. Peterson laz at paravis.net
Tue Jun 7 18:24:10 UTC 2016


We had this issue as well - switch your primary authentication to LDAP and make sure it is attempting those auth sources first before any PAM sources.  You also don’t need to have your Dovecot server joined to the domain by doing it this way, which is nice.

We were previously using PAM auth through Kerberos as a method of authenticating from our LDAP servers.  I can’t remember the reason why we decided to go with Dovecot->LDAP (no mediating auth service in between), but the performance was significantly faster.

Or, you can also try PAM using Kerberos, instead of WInbind (or whatever you are using with PAM).  Just a thought.

~ Laz Peterson
Paravis, LLC

> On Jun 7, 2016, at 11:16 AM, aki.tuomi at dovecot.fi wrote:
> 
> 
>> On June 7, 2016 at 9:06 PM Ranbir <m3freak at thesandhufamily.ca> wrote:
>> 
>> 
>> On Tue, 2016-06-07 at 11:45 -0500, Edgar Pettijohn wrote:
>> 
>>> You have Pam as your passdb driver.
>> 
>> Yes, because I have to. How else would I get Dovecot to authenticate
>> users against my FreeIPA server? 
>> 
>> 
>> -- 
>> Ranbir
> 
> LDAP does come into mind... IPA after all IS ldap based. It's what sssd uses as well.
> 
> ---
> Aki Tuomi



More information about the dovecot mailing list