Hi Marc,

On 2024/05/02 15:31, Marc wrote:
Looking for some advice.
Hmmm, I am glad I took the time to arrange a proper ldap infrastructure. Whatever gets hammered stays local

Hahaha, yea well, galera served us well until now, and assuming no DDL changes on large tables we believe it will continue to do so.  That aside, I do like ldap indeed, but unfortunately that's not a feasible option at this stage.

What I'm hoping is that dovecot has some way, in case of such
"authentication backend" problem scenarios, to ignore protocol and
politeness and simply disconnect the client, ie, just shut the
connection without saying anything; this could even be with a small
delay (I'd say 1 second or so, just to avoid tight auth retry loops, up
to 4 or 5 seconds IMHO would be fine).
auth_failure_delay = 2 secs ?

That will still simply wait before *rejecting* the login, compared to *dropping the connection*.

We are thus looking for three different behaviours:

1.  If backend confirms auth, ACK auth + proceed (grant access) to email.

2.  If backend confirms "no such user" or "invalid creds", wait for auth_failure_delay and then *reject* the login.

3.  If the backend fails (ie, can neither confirm nor deny), simply drop the connection.

I hope this is more clear.

Kind regards,
Jaco
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
