Re: [Dovecot] Removing specific entry in user/auth cache
El 04/07/12 10:01, Timo Sirainen escribió: On Fri, 2012-06-29 at 05:01 +0300, Timo Sirainen wrote: and for v2.1 a bit kludgy way: doveadm auth user [pass] doveadm auth cache flush [user] Done: http://hg.dovecot.org/dovecot-2.1/rev/007bf0047ab0 http://hg.dovecot.org/dovecot-2.1/rev/1093c74f54af Hello, After some time I have updated my system to 2.1.9 which includes this patch but I have doubts it is working. I have changed an attribute for one of my users (his home directory) so I run: root@myotis33:~# doveadm auth cache flush user 2 cache entries flushed but, then, when I run doveadm user user I've got the old information, not the updated one. I had to reload dovecot to get the information correctly reloaded.
Re: [Dovecot] Removing specific entry in user/auth cache
On Fri, 2012-06-29 at 05:01 +0300, Timo Sirainen wrote: and for v2.1 a bit kludgy way: doveadm auth user [pass] doveadm auth cache flush [user] Done: http://hg.dovecot.org/dovecot-2.1/rev/007bf0047ab0 http://hg.dovecot.org/dovecot-2.1/rev/1093c74f54af so you couldn't test authentication against cache user, but that's probably not a problem. Actually you only can't test authentication against cache user with flush password. Even less likely to be a problem.
Re: [Dovecot] Removing specific entry in user/auth cache
El 29/06/12 07:32, Timo Sirainen escribió: On 29.6.2012, at 5.18, Daniel Parthey wrote: wouldn't it be better to use a syntax similar to other doveadm commands, with labels for all arguments? doveadm auth test -u user -p [pass] doveadm auth cache flush -u [user] doveadm auth cache stats This will allow you to syntactically distinguish commands from arguments. Otherwise you might run into the same kludgy syntax problem again, as soon as the number of subcommands changes. The problem was with the auth toplevel command not having subcommands. I don't think there are going to be any problems with subcommands. Also there are many commands already that take user without the -u parameter. Actually it's only the mail commands that take -u parameter at all. Another potential problem is doveadm user command. I'm wondering if it might be a good idea to move it to doveadm auth user or doveadm auth userdb command. There should be also a similar doveadm auth passdb command that does a passdb lookup without authentication. Other command it could be usefull is to remove a temporal user-server association in director. For example, I had a downtime in one server, so users normally directed to this server is now been directed to other. Now I want a user to get back to his normal server (force it, I know we willl get back after a timeout), but I don't want to flush all user connections to the backup server. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337
Re: [Dovecot] Removing specific entry in user/auth cache
On 29.6.2012, at 10.13, Angel L. Mateo wrote: Other command it could be usefull is to remove a temporal user-server association in director. For example, I had a downtime in one server, so users normally directed to this server is now been directed to other. Now I want a user to get back to his normal server (force it, I know we willl get back after a timeout), but I don't want to flush all user connections to the backup server. There's already doveadm director move command.
Re: [Dovecot] Removing specific entry in user/auth cache
On Wed, 2012-06-27 at 19:08 -0700, Joseph Tam wrote: I dont known about Angel, but for me is useful because sometimes i need to deactivate smtp/imap/pop access from accounts, or change their home after storage migration, and removing a specific record i can use a long time cache. I'm not sure that the auth cache holds that information, userdb lookups are also cached. but I think you can at least invalidate a particular auth cache entry by 1) Changing the user password (and save the previous hash) 2) Authenticate using the new credentials (and invalidate the auth cache entry). For example, you can just do a manual connection on your dovecot server x login someuser newpassword This will replace the cache entry with a new one. 3) When you are ready to put the account back online, change the password back to the original. A password mismatch forces a resync to your authentication system which will restore the auth cache. This works for passdb cache, but not for userdb cache. It would be possible to add a doveadm command for this.. I think the main reason why I already didn't do it last time I was asked this was because I wanted to use doveadm auth cache flush or something similar as the command, but there already exists doveadm auth command and cache flush would be treated as username=cache password=flush :( Anyone have thoughts on a better doveadm command name? Or should I just break it and have v2.2 use doveadm auth check or something for the old doveadm auth command?
Re: [Dovecot] Removing specific entry in user/auth cache
El 27/06/12 14:24, Timo Sirainen escribió: On 27.6.2012, at 14.10, Angel L. Mateo wrote: We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? Nope. What do you need it for? Because information for users sometimes changes. For example, when I made the question, home directory's of one user changed and all mails to him was been discarted because of this and I had to flush all cache to solve this. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868887590 Fax: 86337
Re: [Dovecot] Removing specific entry in user/auth cache
Angel L. Mateo wrote: El 27/06/12 14:24, Timo Sirainen escribió: On 27.6.2012, at 14.10, Angel L. Mateo wrote: We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? Nope. What do you need it for? Because information for users sometimes changes. We for example, define the per-user quota via mysql userdb and it needs to be updated in a timely manner, after it has been changed in the database via a web interface. Since we are using a pre-fetch userdb from mysql (which uses the same mysql database as the passdb), we were required to reduce the auth cache ttl to one minute in order to ensure timely quota updates. It would be good if there was some mechanism to detect or force such changes without having to reduce caching time to one minute. Regards Daniel -- https://plus.google.com/103021802792276734820
Re: [Dovecot] Removing specific entry in user/auth cache
On 28.6.2012, at 9.43, Timo Sirainen wrote: It would be possible to add a doveadm command for this.. I think the main reason why I already didn't do it last time I was asked this was because I wanted to use doveadm auth cache flush or something similar as the command, but there already exists doveadm auth command and cache flush would be treated as username=cache password=flush :( Anyone have thoughts on a better doveadm command name? Or should I just break it and have v2.2 use doveadm auth check or something for the old doveadm auth command? Perhaps for v2.2: doveadm auth test user [pass] doveadm auth cache flush [user] doveadm auth cache stats and for v2.1 a bit kludgy way: doveadm auth user [pass] doveadm auth cache flush [user] so you couldn't test authentication against cache user, but that's probably not a problem.
Re: [Dovecot] Removing specific entry in user/auth cache
Timo Sirainen wrote: On 28.6.2012, at 9.43, Timo Sirainen wrote: Perhaps for v2.2: doveadm auth test user [pass] doveadm auth cache flush [user] doveadm auth cache stats and for v2.1 a bit kludgy way: doveadm auth user [pass] doveadm auth cache flush [user] so you couldn't test authentication against cache user, but that's probably not a problem. Hi there, wouldn't it be better to use a syntax similar to other doveadm commands, with labels for all arguments? doveadm auth test -u user -p [pass] doveadm auth cache flush -u [user] doveadm auth cache stats This will allow you to syntactically distinguish commands from arguments. Otherwise you might run into the same kludgy syntax problem again, as soon as the number of subcommands changes. Regards Daniel -- https://plus.google.com/103021802792276734820
Re: [Dovecot] Removing specific entry in user/auth cache
On 29.6.2012, at 5.18, Daniel Parthey wrote: wouldn't it be better to use a syntax similar to other doveadm commands, with labels for all arguments? doveadm auth test -u user -p [pass] doveadm auth cache flush -u [user] doveadm auth cache stats This will allow you to syntactically distinguish commands from arguments. Otherwise you might run into the same kludgy syntax problem again, as soon as the number of subcommands changes. The problem was with the auth toplevel command not having subcommands. I don't think there are going to be any problems with subcommands. Also there are many commands already that take user without the -u parameter. Actually it's only the mail commands that take -u parameter at all. Another potential problem is doveadm user command. I'm wondering if it might be a good idea to move it to doveadm auth user or doveadm auth userdb command. There should be also a similar doveadm auth passdb command that does a passdb lookup without authentication.
[Dovecot] Removing specific entry in user/auth cache
Hi, We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337
Re: [Dovecot] Removing specific entry in user/auth cache
On 27.6.2012, at 14.10, Angel L. Mateo wrote: We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? Nope. What do you need it for?
Re: [Dovecot] Removing specific entry in user/auth cache
I dont known about Angel, but for me is useful because sometimes i need to deactivate smtp/imap/pop access from accounts, or change their home after storage migration, and removing a specific record i can use a long time cache. On Wed, Jun 27, 2012 at 9:24 AM, Timo Sirainen t...@iki.fi wrote: On 27.6.2012, at 14.10, Angel L. Mateo wrote: We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? Nope. What do you need it for?
Re: [Dovecot] Removing specific entry in user/auth cache
Francisco Wagner C. Freire wgrcu...@gmail.com writes: On Wed, Jun 27, 2012 at 9:24 AM, Timo Sirainen t...@iki.fi wrote: On 27.6.2012, at 14.10, Angel L. Mateo wrote: We have dovecot configured with auth cache. Is there any way to remove a specific entry (not all) from this cache? Nope. What do you need it for? I dont known about Angel, but for me is useful because sometimes i need to deactivate smtp/imap/pop access from accounts, or change their home after storage migration, and removing a specific record i can use a long time cache. I'm not sure that the auth cache holds that information, but I think you can at least invalidate a particular auth cache entry by 1) Changing the user password (and save the previous hash) 2) Authenticate using the new credentials (and invalidate the auth cache entry). For example, you can just do a manual connection on your dovecot server x login someuser newpassword This will replace the cache entry with a new one. 3) When you are ready to put the account back online, change the password back to the original. A password mismatch forces a resync to your authentication system which will restore the auth cache. Joseph Tam jtam.h...@gmail.com