I think the last thing you say is exactly what is happening to me. I think the user is updating the password, but a slight delay in my LDAP replication is causing them to try the new password before it is actually the new password.

Yes, I was referring to auth_cache_negative_ttl=0. I didn't realize that was user not found only. Is there any way to force the cache to check the password for anything that was not previously cached as being the correct password?

Dave

Quoting Timo Sirainen <[EMAIL PROTECTED]>:

> On Wed, 2008-11-19 at 22:17 -0500, David Cunningham wrote:
>> Well, most of my issues are gone with adding auth cache.  However, I
>> am having an issue.  Sometimes, even though cache incorrect passwords
>> is disabled,
>
> Do you mean auth_cache_negative_ttl=0 by this? It only affects "user not
> found" caching.
>
>> new passwords do not work.  It would seem that once a
>> user logs in with one password successfully the cache does not
>> automatically retry if the user tries a different password.  I would
>> think that the auth cache should check to see if the password changed
>> on the ldap server if something other than the cached password is
>> entered.
>>
>> Is this something wrong with my configuration, or the auth code itself?
>
> The way it should work is that:
>
> 1) User logs in with password X which succeeds.
> 2) Password is changed to Y.
> 3) User logs in with password Y. Dovecot sees that X != Y, but it sees
> that the previous auth succeeded, so it'll do an auth lookup, sees that
> the password was changed and caches it.
>
> But this can also happen:
>
> 1) User logs in with password X which succeeds.
> 2) Password is changed to Y.
> 3) User logs in with password X, which succeeds.
>
> Or:
>
> 1) User logs in with password X which succeeds.
> 2) User logs in with password Y. Dovecot sees that X != Y, but it sees
> that the previous auth succeeded, so it'll do an auth lookup and sees
> that the password wasn't changed.
> 3) Password is changed to Y.
> 4) User logs in with password Y. Dovecot sees that X != Y, but it sees
> that the previous auth failed, so it doesn't bother doing another
> lookup.
>
> Can you consistently make Dovecot behave differently as described above?
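
Added example, not part of the original thread and not Dovecot's code: a small Python model of the cache decision described in the quoted reply, run through its three sequences, with a count of backend lookups. The class, the `run` helper and the user name are hypothetical; passwords are plain strings and cache expiry is not modelled.

```python
# Model of the cache behaviour described in the message above.
# Not Dovecot source; all names here are hypothetical.
import hmac


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())


class AuthCacheModel:
    def __init__(self, backend):
        self.backend = backend  # dict user -> current password (stands in for LDAP)
        self.cache = {}         # user -> [cached_password, previous_auth_ok]
        self.lookups = 0        # number of backend queries made

    def _lookup(self, user):
        self.lookups += 1
        return self.backend[user]

    def login(self, user, password):
        entry = self.cache.get(user)
        if entry is None:
            entry = self.cache[user] = [self._lookup(user), True]
        elif not _same(entry[0], password):
            if not entry[1]:
                return False               # previous auth failed: no new lookup
            entry[0] = self._lookup(user)  # previous auth succeeded: re-check
        entry[1] = _same(entry[0], password)
        return entry[1]


def run(steps):
    """Replay ("login", pw) / ("set", pw) steps; return (login results, lookups)."""
    backend = {"dave": "X"}  # constructed sample account
    model = AuthCacheModel(backend)
    results = []
    for op, value in steps:
        if op == "set":
            backend["dave"] = value
        else:
            results.append(model.login("dave", value))
    return results, model.lookups


CHANGED_THEN_NEW = [("login", "X"), ("set", "Y"), ("login", "Y")]
OLD_STILL_WORKS = [("login", "X"), ("set", "Y"), ("login", "X")]
NEW_TRIED_EARLY = [("login", "X"), ("login", "Y"), ("set", "Y"), ("login", "Y")]

if __name__ == "__main__":
    for name in ("CHANGED_THEN_NEW", "OLD_STILL_WORKS", "NEW_TRIED_EARLY"):
        print(name, run(globals()[name]))
```

In `NEW_TRIED_EARLY` the final login fails without a backend query, which is the sequence a replication delay produces when the new password is tried before the replica has it.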



