"SfR Fresh" - the SfR Freeware/Shareware Archive

Member "dovecot-1.0.15/doc/wiki/Authentication.Caching.txt" of archive dovecot-1.0.15.tar.gz:


Caching of authentication results
=================================

Dovecot supports caching results of password and user database lookups. The following rules apply to using the authentication cache:

 * Data is used from cache if it's not expired ('auth_cache_ttl' setting)

 * If authentication fails this time, but it didn't fail last time, it's assumed that the password had changed and the database lookup is done.

 * If database lookup failed because of some internal error, but data still exists in cache (even if expired), the cached data is used. This allows Dovecot to log in some users even if the database is temporarily down.

Authentication cache can be flushed by sending SIGHUP to dovecot-auth.
Sending SIGUSR2 to dovecot-auth makes it log the number of cache hits and misses. You can use that information to tune the cache size and TTL.

Settings
========

The settings related to authentication cache are:

 * 'auth_cache_size': Authentication cache size in kilobytes, 0 disables caching (default). A typical passdb cache entry is around 50 bytes and a typical userdb cache entry is around 100-200 bytes, depending on the amount of information your user and password database lookups return.
 * 'auth_cache_ttl': Time to live in seconds for cache entries. A cache entry is no longer used (except for internal failures) if it was created more than this many seconds ago. Entries are removed from cache only when the cache is full and a new entry is being added.
 * 'auth_cache_negative_ttl': (v1.1+ only) If passdb or userdb lookup didn't return any data (i.e. user didn't exist), it's also stored to cache as a negative entry. This setting allows you to give negative entries a different TTL. 0 disables negative caching completely.

It should be pretty safe to set very high TTLs, because the only field that usually can change is the user's password, and Dovecot attempts to catch those cases (see the rules above).

Cache keys
==========

Usually only the username uniquely identifies a user, but in some setups you may need something more, for example the remote IP address. For SQL and LDAP lookups Dovecot figures this out automatically by using all the used >>%variables<< as the cache key. For example if your SQL query contains %s, %u and %r the cache entry is used only if all of them (service name, username and remote IP) match for the new lookup.

With other databases Dovecot doesn't know what could affect caching, so you have to tell Dovecot manually. The following databases require specifying the cache key:

 * vpopmail
 * pam
 * bsdauth

For example if the PAM lookup depends on username and service, you can use:

---%<-------------------------------------------------------------------------
passdb pam {
  args = cache_key=%s%u *
}
---%<-------------------------------------------------------------------------
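
The three cache rules and the cache key, as a simplified Python model (an added example, not Dovecot's code and not part of the original wiki page). The `AuthCache` class, the `demo()` backend and the plaintext passwords are constructed for illustration. In this model the old password is still answered from cache until the entry expires or is refreshed, and a key of only %u reuses an imap result for a pop3 login when the backend depends on the service.

```python
class DBDown(Exception): pass     # backend internal error, e.g. SQL server unreachable

class AuthCache:
    """Simplified model of the rules on this page; not Dovecot's code."""
    def __init__(self, lookup, ttl, key_vars):
        self.lookup = lookup      # callable(req) -> password or None; may raise DBDown
        self.ttl = ttl            # stands in for auth_cache_ttl (seconds)
        self.key_vars = key_vars  # stands in for cache_key, e.g. ("%s", "%u")
        self.entries = {}         # key -> (password, created_at, last_attempt_ok)

    def verify(self, req, password, now):
        key = tuple(req[v] for v in self.key_vars)
        hit = self.entries.get(key)
        if hit and now - hit[1] <= self.ttl:
            if hit[0] == password:                  # rule 1: fresh entry answers
                self.entries[key] = (hit[0], hit[1], True)
                return True, "cache"
            if not hit[2]:                          # it failed last time as well
                return False, "cache"
            # rule 2: fails now, succeeded last time -> ask the database again
        try:
            db_pw = self.lookup(req)
        except DBDown:
            if hit:                                 # rule 3: even expired data is used
                return hit[0] == password, "stale-cache"
            raise
        ok = db_pw is not None and db_pw == password
        self.entries[key] = (db_pw, now, ok)
        return ok, "db"

def demo():
    # Constructed backend: alice may use imap only; plaintext passwords for brevity.
    state = {"pw": "old-secret", "down": False}
    def lookup(req):
        if state["down"]:
            raise DBDown()
        return state["pw"] if req["%s"] == "imap" else None
    imap, pop3 = {"%u": "alice", "%s": "imap"}, {"%u": "alice", "%s": "pop3"}
    out, cache = {}, AuthCache(lookup, 3600, ("%s", "%u"))
    cache.verify(imap, "old-secret", 0)
    state["pw"] = "new-secret"                      # password changed in the database
    out["old_pw_within_ttl"] = cache.verify(imap, "old-secret", 60)
    out["new_pw"] = cache.verify(imap, "new-secret", 120)
    out["pop3_keyed_on_s_u"] = cache.verify(pop3, "new-secret", 130)
    loose = AuthCache(lookup, 3600, ("%u",))        # key omits the service
    loose.verify(imap, "new-secret", 0)
    out["pop3_keyed_on_u"] = loose.verify(pop3, "new-secret", 10)
    state["down"] = True                            # database outage, entry long expired
    out["db_down_expired"] = cache.verify(imap, "new-secret", 99999)
    return out

if __name__ == "__main__": print(demo())
```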

(This file was created from the wiki on 2007-12-11 04:42)