systemd-homed

Yilin Wei yilin at kebab-ca.se
Thu Jan 7 02:47:31 EET 2021


Hi,

I’ve been looking into a problem with a local dovecot setup with
~systemd-homed~ and uses PAM authentication. To give a brief overview,
~systemd-homed~ mounts the users home directory upon particular
authencation calls (which is configurable through ~/etc/pam.d~).

Dovecot currently supports PAM authentication perfectly fine — the
problem comes when a system has systemd-homed. This is because the
session is created and deleted immediately afterwards [1].

This is a problem because if the server isn’t busy, systemd-homed can
run it’s cleanup which causes the home directory to be unavailable once
again [2].

To support this properly, ideally the whole of the imap/pop3/lda session needs
to happen before the deletion of the session.

Does the imap session happen within a ~verify_plain~ [3] call? If not,
are there any other authentication backends which currently need to keep
a live token?

Yilin

[1] https://github.com/dovecot/core/blob/266e54b7b8c34c9a58dd60a2e53c5ca7d1deae19/src/auth/passdb-pam.c#L219
[2] https://dovecot.org/pipermail/dovecot/2019-April/115559.html
[3] https://github.com/dovecot/core/blob/266e54b7b8c34c9a58dd60a2e53c5ca7d1deae19/src/auth/passdb.h#L44


More information about the dovecot mailing list