auth_policy in a non-authenticating proxy chain

Aki Tuomi aki.tuomi at dovecot.fi
Sat Sep 15 12:59:23 EEST 2018


> On 15 September 2018 at 12:32 Peter Mogensen <apm at one.com> wrote:
> 
> 
> 
> 
> On 09/15/2018 10:41 AM, Aki Tuomi wrote:
> > Point of sending the success ones is to maintain whitelist as well as
> > blacklist so you know which ones you should not tarpit anymore. We
> > know it does scale as we have very large deployments using the whole
> > three request per login model.
> >
> >
> 
> "Success" in a proxy which is not it self authenticating is only whether
> it know where to proxy the requested username to.
> I'm not sure whether this would be input to a whitelist.
> 
> I'm not doubting that 3 req/login scales.
> 
> /Peter
>

This is rather uncommon use-case. Most cases authentication occurs on proxy and is forwarded using, say, master password on to the backend.

Aki


More information about the dovecot mailing list