v2.2.30 released
FUSTE Emmanuel
emmanuel.fuste at thalesgroup.com
Wed May 31 16:32:03 EEST 2017
Le 30/05/2017 à 20:16, Timo Sirainen a écrit :
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz
> https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig
>
> * auth: Use timing safe comparisons for everything related to
> passwords. It's unlikely that these could have been used for
> practical attacks, especially because Dovecot delays and flushes all
> failed authentications in 2 second intervals. Also it could have
> worked only when passwords were stored in plaintext in the passdb.
> * master process sends SIGQUIT to all running children at shutdown,
> which instructs them to close all the socket listeners immediately.
> This way restarting Dovecot should no longer fail due to some
> processes keeping the listeners open for a long time.
>
> + auth: Add passdb { mechanisms=none } to match separate passdb lookup
> + auth: Add passdb { username_filter } to use passdb only if user
> matches the filter. See https://wiki2.dovecot.org/PasswordDatabase
Shouldn't the wiki be corrected ?
we have:
mechanisms: Skip, if non-empty and the current auth mechanism is listed
here.
but the intended meaning is:
mechanisms: Skip, if non-empty and the current auth mechanism is not
listed here.
Isn't it?
Emmanuel.
More information about the dovecot
mailing list