On Thu, 2008-08-21 at 09:11 +0200, Tom Sommer wrote: > Timo Sirainen wrote: > > On Tue, 2008-08-19 at 15:49 +0200, Tom Sommer wrote: > >> On Tue, August 19, 2008 15:44, Tom Sommer wrote: > >> > >>> Using version 1.1.1, MySQL userdb, with "nopassword=Y". > >>> > >>> Maybe it's due to nopassword? > >> Should add, this is my password_query: > >> > >> password_query = SELECT username as user, NULL as password, "Y" as > >> nopassword FROM users WHERE ... > > > > So how do you check the password validity? > > Simple > > SELECT username as user, NULL as password, "Y" as nopassword FROM users > WHERE username = '%u' AND password = '[password]'
By [password] I suppose you mean %w? The way it's supposed to work then is that Dovecot places %u and %w to the cache key. So only if both of them match, the cache is used. This also means that if the password is changed and old password is cached, the user is able to log in using either old or the new password (both of them will be cached to separate entries). And I just tested that it works like that. So if you're getting auth failures, there's something wrong.
signature.asc
Description: This is a digitally signed message part
