Univention Bugzilla – Full Text Bug Listing |
Summary: | Enable auth caching in Dovecot | ||
---|---|---|---|
Product: | UCS | Reporter: | Daniel Tröder <troeder> |
Component: | Mail - Dovecot | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Sönke Schwardt-Krummrich <schwardt> |
Severity: | normal | ||
Priority: | P5 | CC: | schwardt, walkenhorst |
Version: | UCS 4.0 | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 34839 |
Description
Daniel Tröder
2015-06-18 12:35:12 CEST
Commit 61367 adds auth caching support. TTL is 5 minutes for positive and negative cache entries, cache size is 100k, that should be enough for ~400.000 entries. TTL and cache size are currently not configurable. Could be done with UCRVs easily if desired/requested. Good news: with some testing I found out, that userdb caching does actually work, just not as often as I had expected. I think we should reduce the negative caching ttl to 1min or less. If a new account is created but used "too early", the negative cache prevents a successful login for 5 minutes. Commit 61462 reduces negative auth caching ttl to 1min. Values seem to be ok for now. On my test machine, the test script returned the following values: 1500 IMAP connections are OK (took 8.766399 seconds) 1500 IMAP logins are OK (took 33.926131 seconds) 1500 IMAP logouts are OK (took 1.534729 seconds) Memory Used = 0.434MB per connection (Warning: only rough estimation) Current values: root@slave22b:/etc/dovecot/conf.d# grep auth_cache_ 10-auth.conf auth_cache_size = 100k auth_cache_ttl = 5 mins auth_cache_negative_ttl = 1 mins |