Hello,
In my system I have configured auth caching. The problem I have is that
whenever a user changes his/her password, he/she can't log in to dovecot
after a while, and the scenarios described at
http://wiki2.dovecot.org/Authentication/Caching do not seem to apply.
I have also tried "doveadm auth cache flush <login>", but it
didn't work. The user can log in again if he waits for some time or if I
run "doveadm auth cache flush" on the server, flushing all auth
information from the cache.
I have attached the log I had when I changed my password (and suffered
the problem). I have attached my doveconf -n too.
--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cambioclave.log
Type: text/x-log
Size: 1349 bytes
Desc: not available
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20121019/93b2b175/attachment-0004.bin>
-------------- next part --------------
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.19um1 x86_64 Ubuntu 12.04.1 LTS
# Output of `doveconf -n` (settings that differ from the defaults) for the
# server discussed in this thread. Lines starting with "# NOTE(review)" are
# reviewer annotations, not part of the poster's configuration.
#
# Auth cache: up to 20 MB of passdb/userdb results, each entry kept for up
# to one day.
# NOTE(review): with a one-day TTL an entry cached before a password change
# can outlive the change; how a changed password is handled depends on the
# passdb that produced the entry (see the caching page linked in the post).
auth_cache_size = 20 M
auth_cache_ttl = 1 days
# Enables master-user logins written as <user>*<master user>.
auth_master_user_separator = *
# Log failed authentication attempts and the reason for the failure.
auth_verbose = yes
default_process_limit = 1024
# Plaintext mechanisms are accepted on unencrypted connections. Together with
# "ssl = no" further down, credentials cross the network in clear text unless
# something outside this configuration encrypts the link.
disable_plaintext_auth = no
log_timestamp = %Y-%m-%d %H:%M:%S
# Connections from this range are treated as trusted front ends: they may
# pass the real client IP on to the login process. Keep the range as narrow
# as the front ends require.
login_trusted_networks = 155.54.211.176/28
mail_location = maildir:~/Maildir:INDEX=/var/indexes/%n
mail_plugins = quota zlib
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
# The capability list below appears to have been wrapped over three lines by
# the mail client; in the real file it is a single value.
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave imapflags
mdbox_rotate_size = 20 M
# Default namespace holding INBOX, "." as hierarchy separator.
namespace {
inbox = yes
location =
prefix =
separator = .
}
# Hidden, unlisted namespace under the BORRADOS. prefix; it matches the
# lazy_expunge setting in the plugin block below.
namespace {
hidden = yes
list = no
location = maildir:~/Maildir/expunged
prefix = BORRADOS.
separator = .
}
# Master-user passdb: master passwords come from a passwd-file. With
# "pass = yes" the lookup continues to the following passdbs after the master
# password matched, so the target user is still checked there.
# NOTE(review): this file holds credentials that open any mailbox; its
# ownership and mode are not visible here - confirm they are restrictive.
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
pass = yes
}
# First regular passdb: LDAP, configured in dovecot-ldap.conf.ext (not shown).
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
# Second regular passdb, listed after LDAP: PAM service "dovecot" with
# session=yes. cache_key=%n keys the auth-cache entries of this passdb on the
# username part of the login only.
# NOTE(review): the follow-up message says this is pam_cas for webmail SSO -
# confirm that caching its results under a username-only key is intended.
passdb {
args = session=yes cache_key=%n dovecot
driver = pam
}
# Plugin settings: lazy_expunge target namespace, per-user quota kept in a
# dict file under the home directory, sieve script locations and limits, and
# gzip compression (level 6) for saved mail.
plugin {
lazy_expunge = BORRADOS.
quota = dict:User quota::file:%h/Maildir/dovecot.quota
quota_rule = *:storage=10G
quota_rule2 = Trash:storage=+1G
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +imapflags
sieve_max_redirects = 15
zlib_save = gz
zlib_save_level = 6
}
# NOTE(review): "at" instead of "@" is presumably the list archive's address
# obfuscation, not the configured value.
postmaster_address = postmaster at um.es
protocols = imap pop3 lmtp sieve
service anvil {
client_limit = 3075
}
# The auth-userdb socket is created with mode 0666, so any local account can
# connect to it.
# NOTE(review): confirm which processes need this socket and whether a
# narrower mode or a dedicated user/group would be enough.
service auth {
client_limit = 4096
unix_listener auth-userdb {
mode = 0666
}
}
# doveadm is reachable over TCP on port 24245. No ssl setting is shown for
# this listener and no address restricts it; see doveadm_password in the
# "local" block at the end.
# NOTE(review): confirm the port is only reachable from the administration
# hosts, since the doveadm password would otherwise travel unencrypted.
service doveadm {
inet_listener {
port = 24245
}
}
service imap {
process_limit = 5120
process_min_avail = 6
vsz_limit = 512 M
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
# LMTP is offered over TCP on port 24 with no address restriction shown.
# NOTE(review): LMTP deliveries are not authenticated; confirm that only the
# MTA hosts can reach this port (the firewall is not visible here).
service lmtp {
inet_listener lmtp {
port = 24
}
process_min_avail = 10
vsz_limit = 512 M
}
service pop3 {
process_min_avail = 6
}
# TLS is switched off; ssl_cert and ssl_key are set but unused while
# "ssl = no" is in effect.
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
# prefetch takes the userdb fields from the passdb lookup when the passdb
# returned them; the LDAP userdb below is used otherwise.
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lda {
mail_plugins = quota zlib sieve
}
protocol imap {
mail_plugins = quota zlib imap_quota
}
protocol lmtp {
mail_plugins = quota zlib sieve
}
protocol pop3 {
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, in=%i, out=%o
}
# Settings that apply only to connections arriving on the given local
# address range: the password doveadm TCP clients must present. The value is
# shown as a placeholder, not the real secret.
# NOTE(review): "/27/27" looks like a glitch in the doveconf output rather
# than a valid netmask - confirm against the real file.
local 155.54.211.160/27/27 {
doveadm_password = <password>
}
El 19/10/12 14:38, Angel L. Mateo escribió:
> Hello,
>
> In my system I have configured auth caching. The problem I have is
> that whenever a user changes his password, he/she can't login to dovecot
> after a while and the scenarios described at
> http://wiki2.dovecot.org/Authentication/Caching are not applied.
>
> I have tried also with "doveadm auth cache flush <login>", but it
> didn't work. He also could to login again if he waits for a time or if I
> run "doveadm auth cache flush" in the server, flushing all auth
> information from cache.
>
> I have attached the log I had when I changed my password (and
> suffered the problem). I have attached my doveconf -n too.
>

I think I have found part of the problem. My authentication chain first tries ldap (for normal client authentication) and, if that fails, then tries pam_cas (for webmail access with SSO). My change-password application is part of the webmail, which also uses an imapproxy, so when I change the password it automatically seems to enter the "Early change scenario" (I still haven't found the concrete reason for this). But I have tried changing the password manually in my ldap servers, and that works fine. So my point is that something related to this authentication chain provokes this scenario.

My question now: is there any way to configure authentication so that a mechanism is only used for connections coming from a set of IPs?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337