Hi Folks,
I just had a user's password compromised, with the result that a bunch
of spam was sent through her account. (Fixed by changing her password.)
But, in the process, I had to learn a lot about how Postfix wires
together with Cyrus SASL, and that in turn with PAM. I discovered
something that confuses me, and I hope someone can help:
- our system is set up to authenticate smtpd transactions via saslauthd
(and then via pam_unix to the password db)
- as soon as I changed the user's password, IMAP started failing
authentication and the password had to be changed, BUT...
- we could still SEND mail via smtpd using either username/newpassword
or username/oldpassword
- eventually this timed out and the old password stopped working
- obviously the old password was being cached somewhere, my assumption
being in the saslauthd credentials cache, BUT, that doesn't explain why
smtpd continued to accept the old password for a while
Which leads to several questions:
- the general one: anybody know what's going on?
- is postfix doing some of its own authentication caching (as suggested
by the variable smtp_sasl_auth_cache_time)?
- and most important: is there a way to flush the cache?
Thanks very much,
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
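The checks a practitioner would run on the setup described in the message above, as an added example that is not part of the original message and is not code from Postfix or Cyrus SASL: saslauthd only keeps a credential cache when it is started with -c, holds each entry for the number of seconds given by -t (saslauthd's default is 28800, eight hours), and keeps the cache in the daemon's own memory, so restarting saslauthd empties it. The script reads the daemon's options, parses those two flags, asks saslauthd directly (bypassing Postfix) which of the old and new passwords it still accepts, restarts it, and tests again. It assumes a Debian-style /etc/default/saslauthd with an OPTIONS="..." line, testsaslauthd from cyrus-sasl on the PATH, a Linux procps ps, and a saslauthd service managed by systemctl or service(8); the user, passwords and file contents are constructed inputs.

```shell
#!/bin/sh
# Added example (not from the original message, nor from Postfix or Cyrus SASL):
# inspect the saslauthd credential cache, test which passwords it still
# accepts, and flush it. Assumptions: a Debian-style /etc/default/saslauthd
# with an OPTIONS="..." line, testsaslauthd from cyrus-sasl on the PATH, Linux
# procps 'ps', and saslauthd managed by systemctl or the service(8) wrapper.

# Extract the option string from a Debian-style saslauthd defaults file.
# Argument: path to the file (defaults to /etc/default/saslauthd).
options_from_default_file() {
    file="${1:-/etc/default/saslauthd}"
    [ -r "$file" ] || return 1
    sed -n 's/^OPTIONS="\(.*\)"[[:space:]]*$/\1/p' "$file" | tail -n 1
}

# Option string of the running saslauthd process, as shown by ps
# (all saslauthd workers share the same argv, so the first one is enough).
running_saslauthd_options() {
    ps -o args= -C saslauthd | head -n 1 | sed 's/^[^ ]*saslauthd[ ]*//'
}

# Parse a saslauthd option string and report the credential-cache settings.
# -c enables the cache; -t sets the lifetime of a cached credential in
# seconds (saslauthd's default is 28800, i.e. 8 hours) and only matters with -c.
# Prints "disabled" or "enabled timeout=<seconds>".
saslauthd_cache_status() {
    caching=0
    timeout=28800
    set -- $1                     # word-split the option string into $1 $2 ...
    while [ $# -gt 0 ]; do
        case "$1" in
            -c)  caching=1 ;;
            -t)  timeout="$2"; shift ;;
            -t*) timeout="${1#-t}" ;;   # getopt also accepts the attached form -t600
        esac
        shift
    done
    if [ "$caching" -eq 1 ]; then
        echo "enabled timeout=$timeout"
    else
        echo "disabled"
    fi
}

# Ask saslauthd itself (not Postfix) whether it accepts a user/password pair
# for a service name; "smtp" is what Postfix smtpd presents to saslauthd.
# Prints accepted/rejected. The reply line ("<pid>: OK ..." on success) is
# parsed rather than trusting testsaslauthd's exit status.
check_password() {
    user="$1"; password="$2"; service="${3:-smtp}"
    if testsaslauthd -u "$user" -p "$password" -s "$service" 2>/dev/null | grep -q ': OK '; then
        echo accepted
    else
        echo rejected
    fi
}

# The cache lives in saslauthd's memory, so restarting the daemon empties it.
flush_saslauthd_cache() {
    if command -v systemctl >/dev/null 2>&1; then
        systemctl restart saslauthd
    else
        service saslauthd restart
    fi
}

# Usage: sh saslauthd-cache-check.sh <user> <old-password> <new-password>
# Shows the cache settings, which passwords saslauthd accepts right now,
# flushes the cache, and tests again. Nothing runs unless all three arguments
# are given, so the functions above can be sourced on their own.
if [ $# -eq 3 ]; then
    opts="$(running_saslauthd_options)"
    [ -n "$opts" ] || opts="$(options_from_default_file)"
    echo "saslauthd options: $opts"
    echo "credential cache: $(saslauthd_cache_status "$opts")"
    echo "before flush: old=$(check_password "$1" "$2") new=$(check_password "$1" "$3")"
    flush_saslauthd_cache
    echo "after flush:  old=$(check_password "$1" "$2") new=$(check_password "$1" "$3")"
fi
```

Running check_password against saslauthd's own socket separates the two layers: if the old password is still "accepted" here, the stale entry is in saslauthd's cache, not in Postfix. If the old password is rejected here but smtpd still lets it through, whatever is holding it sits between smtpd and saslauthd and is worth a separate look.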