[Dovecot] Authentication cache, failure to login after changed password
Tom Sommer
mail at tomsommer.dk
Sun May 17 22:09:44 EEST 2009
Timo Sirainen wrote:
>> The cache seems to be faulty somehow, I wish there was a way to dump the
>> contents of the cache to debug this, because somehow I cannot forcefully
>> reproduce it.
>>
>
> Here's a way:
>
> 1. Try to log in unsuccessfully.
> 2. Change the password.
> 3. Try to log in with the changed password -> doesn't work, because the
> old one is still cached.
>
If the auth is unsuccessful (cache mismatch), the cache should then go
for a lookup in the passdb, correct?
>> Notice in this case the user never before logged in successfully, so I
>> don't understand why he would even be in the cache, unless there is
>> something wrong with cache_negative_ttl.
>>
>
> You're misunderstanding what it does. See its description:
>
> # TTL for negative hits (user not found). 0 disables caching them completely.
> #auth_cache_negative_ttl = 3600
>
> I suppose there could be a new setting to use auth cache only for
> successful lookups..
>
I don't understand why it would cache negative lookups if I set
negative_ttl to 0; even if the setting isn't supposed to work that way
currently, it should.
Enabling the cache is effectively preventing newly created users from
logging in, which is hardly the point.
--
Tom
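
The three-step reproduction quoted above, replayed against a simplified model of a credential cache; this is an added example, not part of the original message and not Dovecot's code. The classes, the `recheck_on_mismatch` switch (the passdb fallback asked about in the reply), the hash stand-in and the TTL value are all assumptions made for illustration.

```python
import hashlib, hmac

def scheme(password):
    # Stand-in for the passdb's password scheme, not a storage recommendation.
    return hashlib.sha256(password.encode()).hexdigest()

class PassDB:
    """Constructed in-memory password database that counts lookups."""
    def __init__(self):
        self.creds, self.lookups = {}, 0
    def set_password(self, user, password):
        self.creds[user] = scheme(password)
    def lookup(self, user):
        self.lookups += 1
        return self.creds.get(user)

class AuthCache:
    def __init__(self, passdb, ttl=3600, recheck_on_mismatch=False):
        self.passdb, self.ttl = passdb, ttl
        self.recheck_on_mismatch = recheck_on_mismatch
        self.entries = {}  # user -> (stored credentials, expiry time)
    @staticmethod
    def verify(stored, password):
        return stored is not None and hmac.compare_digest(stored, scheme(password))

    def login(self, user, password, now):
        entry = self.entries.get(user)
        if entry and entry[1] > now:
            if self.verify(entry[0], password):
                return True
            if not self.recheck_on_mismatch:
                return False  # cached credentials answer, passdb is never asked
        stored = self.passdb.lookup(user)
        if stored is not None:  # unknown users are not cached in this model
            self.entries[user] = (stored, now + self.ttl)
        return self.verify(stored, password)

def replay(recheck_on_mismatch):
    """Run the three steps from the thread; return login results and passdb lookups."""
    db = PassDB()
    db.set_password("tom", "old-secret")
    cache = AuthCache(db, recheck_on_mismatch=recheck_on_mismatch)
    results = [cache.login("tom", "wrong-guess", now=0)]       # 1. failed login
    db.set_password("tom", "new-secret")                       # 2. password change
    results.append(cache.login("tom", "new-secret", now=60))   # 3. new password
    return results, db.lookups

if __name__ == "__main__":
    print(replay(False), replay(True))
```

In this model the fallback fixes step 3 at the cost of sending every mismatching attempt, including wrong guesses, through to the passdb.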