auth-policy crashing
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Aug 7 13:02:42 EEST 2019
On 7.8.2019 11.51, James via dovecot wrote:
> On 06/08/2019 06:46, Aki Tuomi via dovecot wrote:
>>
>> On 2.8.2019 13.45, James via dovecot wrote:
>>> My auth process is dumping core. This happens several times per day
> ...
>
>> There is an easy fix for this, attached.
>
> Patch applied; no core dump in 24 hours.
>
> This appears to have fixed the problem. I found that it crashed when
> the policy server responded too quickly. As the before and after auth
> command=allow request are the same I cache the first, leading to a
> fast second response. Removing the cache (nginx proxy_cache ...) must
> change the timings and circumvented the crash. Why use both check
> before and after auth? roundcube webmail reports an error with only
> auth_policy_check_before_auth. I cannot see why. The simple and lazy
> solution is to use double auth_policy_check_!
>
> Thank you Aki for looking at this and finding a solution so quickly.
The double-check is for places which want to implement something like
COS or want to perform validations in policy server *after* we know the
user identity. The first check is done before we even know if the user
or the credential(s) are valid.
Aki
More information about the dovecot
mailing list