auth-policy crashing

Aki Tuomi aki.tuomi at open-xchange.com
Wed Aug 7 13:02:42 EEST 2019


On 7.8.2019 11.51, James via dovecot wrote:
> On 06/08/2019 06:46, Aki Tuomi via dovecot wrote:
>>
>> On 2.8.2019 13.45, James via dovecot wrote:
>>> My auth process is dumping core.  This happens several times per day
> ...
>
>> There is an easy fix for this, attached.
>
> Patch applied; no core dump in 24 hours.
>
> This appears to have fixed the problem.  I found that it crashed when
> the policy server responded too quickly.  As the before and after auth
> command=allow request are the same I cache the first, leading to a
> fast second response.  Removing the cache (nginx proxy_cache ...) must
> change the timings and circumvented the crash.  Why use both check
> before and after auth?  roundcube webmail reports an error with only
> auth_policy_check_before_auth.  I cannot see why.  The simple and lazy
> solution is to use double auth_policy_check_!
>
> Thank you Aki for looking at this and finding a solution so quickly.


The double-check is for places which want to implement something like
COS or want to perform validations in policy server *after* we know the
user identity. The first check is done before we even know if the user
or the credential(s) are valid.

Aki



More information about the dovecot mailing list