dovecot -- Specific LDAP + auth cache configuration may mix up user logins

ID CF484358-B5D6-11DC-8DE0-001C2514716C
Type freebsd
Reporter FreeBSD
Modified 2007-12-21T00:00:00


Dovecot reports:

If two users with the same password and same pass_filter variables log in within auth_cache_ttl seconds (1h by default), the second user may get logged in with the first user's cached pass_attrs. For example if pass_attrs contained the user's home/mail directory, this would mean that the second user will be accessing the first user's mails.