On 7.8.2019 11.51, James via dovecot wrote: > On 06/08/2019 06:46, Aki Tuomi via dovecot wrote: >> >> On 2.8.2019 13.45, James via dovecot wrote: >>> My auth process is dumping core. This happens several times per day > ... > >> There is an easy fix for this, attached. > > Patch applied; no core dump in 24 hours. > > This appears to have fixed the problem. I found that it crashed when > the policy server responded too quickly. As the before and after auth > command=allow request are the same I cache the first, leading to a > fast second response. Removing the cache (nginx proxy_cache ...) must > change the timings and circumvented the crash. Why use both check > before and after auth? roundcube webmail reports an error with only > auth_policy_check_before_auth. I cannot see why. The simple and lazy > solution is to use double auth_policy_check_! > > Thank you Aki for looking at this and finding a solution so quickly.
The double-check is for places which want to implement something like COS or want to perform validations in policy server *after* we know the user identity. The first check is done before we even know if the user or the credential(s) are valid. Aki
