From: Patrick Ben Koetter (pstate-of-mind.de)
Date: Fri Apr 01 2005 - 17:05:39 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Andre Galvani <andre.galvaniglobo.com>:
> Hi All,
>
> I'm having a problems with a kind of "cache" when I'm using postfix
> +sasl.
> (Cyrus sasl daemon authentication(saslauthd) have some options about
> credential cache, but it doesn't have effect for me...)
> Well, follow the problem:
> - I'm using sasl+pam authenticating in the radius server, using the
> pam_radius library. But, only feel requests(for the same user),for
> authentication, go to the radius server, and others bypass direct by
> Postfix without go to the radius server.
> Example:
> Apr 1 15:17:54 server postfix/smtpd[22839]: [ID 197553 mail.info]
> 358F91F9BDC7:client=somehost.com[100.100.100.1], sasl_method=LOGIN,
> sasl_username=userdomain.com
>
> Above we have a normal log message for sucessful authentications, but if
> I block the user in database, the user still authenticating in postfix
> without go to the radius server and without log error messages for
> authenticatiuon failed...
> I've tried to stop and start only the saslauthd, but not effect...
> But, after I stop and start postfix, the user start to receive a
> "reject" from postfix and radius server...

AFAIK Postfix hands the task of authentication off to SASL and it waits for
SASL to return with a result. I have never heard of such a "cache" problem
before and the only thing that comes to my mind is saslauthd caching the
result. There is, as you mentioned, a switch to turn on some kind of caching
in saslauthd, but I have zero experience with it. I only know that it exists.
I never tried it.

prick

--
SMTP AUTH howto:
<http://postfix.state-of-mind.de/patrick.koetter/smtpauth/>
SMTP AUTH debug utility:
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]