Hello,

I'm having a problem with password changing. According to http://wiki2.dovecot.org/Authentication/Caching, I understand the "normal scenario" and the "Using old cached password scenario", but I'm having a problem with the "Early change scenario".

I understand that in this case, if in step 4 the user tries password Y, then this password is not tried again and login fails. But if the user tries another password Z, is it tested? Or does it fail directly? I think that it fails directly.

And here is my problem... I am using dovecot with an ldap backend and another pam backend. The first one is for users connecting with an email client. The other one applies when the ldap backend fails, and it is used for connections from our webmail, which is integrated in our CAS SSO environment (it is running an imap proxy too). Sometimes (the only scenario we were able to reproduce is with users that for some reason have two SSO sessions open) dovecot receives an invalid CAS ticket, then authentication fails, and no newer tickets are tried until the cache is cleared. That's why I think that in this scenario another password Z is not even tried.

  Any idea?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
# 2.1.16: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.0-030400-generic x86_64 Ubuntu 12.04.3 LTS 
# Global settings as posted with the question.
# Authentication results are cached: up to 20 M of entries, each kept for as
# long as 1 day. This is the cache whose password-change behaviour the message
# asks about. auth_cache_negative_ttl is not listed here, so presumably its
# default applies - confirm with doveconf -a.
auth_cache_size = 20 M
auth_cache_ttl = 1 days
# "*" separates the login user from the master user, so a master user accepted
# by the master passdb below can log in as another mailbox user ("user*master").
auth_master_user_separator = *
default_process_limit = 1024
# NOTE(review): plaintext authentication is allowed and ssl = no is set further
# down, so passwords and CAS tickets appear to cross the network unencrypted -
# confirm whether something in front of Dovecot provides TLS.
disable_plaintext_auth = no
imapc_features = rfc822.size
imapc_host = myotis30.um.es
imapc_master_user = master
# NOTE(review): a master-user credential in clear text inside a publicly posted
# configuration. Treat it as exposed, rotate it, and redact such values before
# sharing doveconf output.
imapc_password = VAsGowem
log_timestamp = %Y-%m-%d %H:%M:%S
# Connections from this range are treated as trusted by the login processes
# (for example a proxy may pass on the original client address). Keep the range
# limited to the webmail/proxy hosts that need it.
login_trusted_networks = 155.54.211.176/28
mail_attachment_dir = /mail/users/attachments
mail_gid = vmail
# Home and mail paths are built from the lowercased user name (%Ln), with a
# two-character %2Ln directory level above it.
mail_home = /mail/users/mailboxes/%2Ln/%Ln
mail_location = mdbox:%h/mdbox:INDEX=/mail/indexes/%2Ln/%Ln
mail_plugins = quota zlib lazy_expunge acl stats
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
# The next value is wrapped over three lines in the posted message.
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 50 M
# Default private namespace: holds INBOX, no prefix, "." as hierarchy separator.
namespace {
  inbox = yes
  location = 
  prefix = 
  separator = .
}
# Hidden, unlisted namespace stored under %h/expunged. Its prefix matches the
# lazy_expunge plugin setting, so this is where expunged mail is kept.
namespace {
  hidden = yes
  list = no
  location = mdbox:%h/expunged:INDEX=/mail/indexes/%2Ln/%Ln/expunged
  prefix = BORRADOS.
  separator = .
}
# Shared namespace: other users' mailboxes appear under shared.<user>. and are
# read from the owner's mdbox (%%h, %%u refer to the owning user). Access is
# expected to be governed by the acl plugin configured in the plugin section.
namespace {
  list = children
  location = mdbox:%%h/mdbox:INDEX=/mail/indexes/%%2Ln/%%Ln
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
# passdb 1: master users read from a passwd-file. master = yes means a match
# here authorises logging in as another user (see auth_master_user_separator).
# NOTE(review): the file holds credentials that unlock every mailbox; keep it
# readable by the Dovecot auth process only.
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
# passdb 2: LDAP, tried first for ordinary logins (mail clients, per the message).
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
# passdb 3: PAM, reached when LDAP does not authenticate the user. Per the
# message this is the path used by the webmail, where the "password" is a CAS
# ticket.
passdb {
  # cache_key=%Ln enables auth caching for this passdb, keyed only by the
  # lowercased user name; "dovecot" is the PAM service name.
  # NOTE(review): with a user-only key there is one cache entry per user for
  # every credential presented, so the caching scenarios discussed in the
  # message apply to CAS tickets as well. If tickets differ between logins,
  # test with a shorter auth_cache_ttl or without cache_key on this passdb -
  # verify against the Authentication/Caching documentation.
  args = session=yes cache_key=%Ln dovecot
  driver = pam
}
# Plugin settings for the mail plugins loaded above and in the protocol blocks.
plugin {
  # Global ACL file, with lookups cached for 3600 seconds.
  acl = vfile:/etc/dovecot/global-acls:cache_secs=3600
  # Must match the prefix of the hidden namespace that stores expunged mail.
  lazy_expunge = BORRADOS.
  # Per-user quota kept in a file under the user's home; 10G by default, with
  # an extra 1G allowance for Trash.
  quota = dict:User quota::file:%h/quota
  quota_rule = *:storage=10G
  quota_rule2 = Trash:storage=+1G
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  # Upper bound on redirect actions a single Sieve script execution may perform.
  sieve_max_redirects = 15
  stats_refresh = 30 secs
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
# The address below was obscured by the list archive, not by the poster.
postmaster_address = [email protected]
# "sieve" is listed twice in the posted output.
protocols = " imap lmtp sieve pop3 sieve"
# Service (process and listener) overrides.
service anvil {
  client_limit = 3075
}
service auth {
  client_limit = 4096
  unix_listener auth-userdb {
    # NOTE(review): mode 0777 lets every local account connect to the userdb
    # lookup socket. Prefer a restrictive mode together with an explicit
    # user/group for the processes that actually need lookups.
    mode = 0777
  }
}
service doveadm {
  # doveadm is reachable over TCP on this port. With ssl = no below, the
  # doveadm_password from the local block at the end of the file would be sent
  # unencrypted. NOTE(review): confirm the port is firewalled to the hosts
  # that need it.
  inet_listener {
    port = 24245
  }
}
service imap {
  process_limit = 10240
  process_min_avail = 6
  vsz_limit = 512 M
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  # LMTP is offered over TCP on port 24 and no address restriction is shown.
  # NOTE(review): LMTP has no login step of its own, so delivery access should
  # be limited at the network level - confirm.
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 10
  vsz_limit = 512 M
}
service pop3 {
  process_min_avail = 6
}
service stats {
  fifo_listener stats-mail {
    # NOTE(review): mode 0666 makes the FIFO writable by every local account;
    # consider restricting it to the mail user (mail_uid is vmail).
    mode = 0666
  }
}
# TLS is switched off in Dovecot itself; together with disable_plaintext_auth =
# no, logins are accepted in clear text on every listener.
ssl = no
# userdb 1: prefetch uses the user fields already returned by the passdb
# lookup, which avoids a second lookup at login.
userdb {
  driver = prefetch
}
# userdb 2: LDAP, used when no prefetched fields are available (for example
# deliveries, where no passdb lookup took place).
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
# Per-protocol plugin lists: delivery (lmtp, lda) adds sieve, IMAP adds the
# quota and ACL protocol extensions.
protocol lmtp {
  mail_plugins = quota zlib lazy_expunge acl stats sieve
}
protocol lda {
  mail_plugins = quota zlib lazy_expunge acl stats sieve
}
protocol imap {
  mail_plugins = quota zlib lazy_expunge acl stats imap_quota imap_acl
}
protocol pop3 {
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, in=%i, out=%o
}
# Settings applied only to connections arriving on this local address range.
# The doubled "/27" appears as posted - presumably a display artefact; TODO
# confirm against the real file.
local 155.54.211.160/27/27 {
  # Password required from doveadm clients; the value is hidden in the posted
  # output. It protects the TCP doveadm listener on port 24245.
  doveadm_password = <password>
}
