[Dovecot] Dovecot load balancing
hummel at pasteur.fr
Thu Jul 31 17:47:31 EEST 2008
On Thu, Jul 31, 2008 at 10:18:22AM -0400, Eric Toczek wrote:
> connection onto server 2. User B connects into server 1 and they live on
> server 1, so proxy_maybe allows the connect to be made direct even
> though their proxy setting says they go to a specific host (which
> happens to be server 1)
You mean that just save one imap-login process ?
> > Also, 2 things which aren't quite clear to me in the Wiki :
> > a) Password forwarding
> > Make sure that the authentication succeeds with any given password. You can do this by using empty passwords. v1.1+ requires also that you return nopassword field.
> > -> Does that mean that the proxy has to accept only empty passwords and that
> > that's the actual imap server that will deal with the actual password ?
> The destination host must be set to allow plain text passwords.
Granted, but I guess it's the proxy which must accept empty password ? I don't
get where in the picture the empty password stands.
> Yes the initial connection can be done using SSL/TLS. What happens is
> the proxy will do the auth for the user using their password and if it
> succeeds and they have a proxy attribute setup then the connect is made
> to the destination host using a plaintext connection. What you can do is
> setup a dovecot proxy host(s) that has no users assigned to that server
> and allows only SSL/TLS connections, then on the backend a bunch of
> servers that users get assigned to but they cannot have:
> disable_plaintext_auth = yes
> in the configuration.
Ok, I always use plaintext anyway, usually on SSL/TLS from clients (with a few exceptions for old stuff/bad habits I plan to get ridd off).
Thomas Hummel | Institut Pasteur
<hummel at pasteur.fr> | Pôle informatique - systèmes et réseau
More information about the dovecot