Paul M Fleming wrote: > Timing out the passwords is simple ( I think ) I would store the time > when the entry is added and force a reauth if the password has been > cached longer than a timeout (for example one hour ). That forces a > reauth at least every timeout period of time. If an entry isn't in the > cache (or if it is different the entry would be removed and ) a reauth > would be forced. Every successfull auth would be added to the cache.
This whole idea sounds great, especially as I'd expect a lot of the authentication load to come from a small number of users with their clients set to check mail every few minutes. For debugging it would help if there was a way to force a flush of the entire cache, and one to dump its contents. I'm not sure how you'd get saslauthd to recognise maintenance commands like this - maybe some method of "out-of-band signalling", which seems better than tinkering with the socket protocol. -- Simon Brady mailto:[EMAIL PROTECTED] ITS Technical Services University of Otago, Dunedin, New Zealand
