- Logging doesn't use the auth_request_log_*() calls like rest of
the Dovecot-auth. Now things like service name (imap, pop3, ..) or
remote IP address aren't logged.
- The debug logging probably could be enabled with auth_debug=yes
instead of a separate debug option. Although it seems like it's more
meant for developers with the __LINE__ and __FUNCTION__ strings and
things like refcounts which aren't useful for admins.
- The debug logging seems to be written mostly for developers. Are
they still even useful at that level (e.g. refcounts More admin-
oriented debug logging (with auth_debug=yes) would also have been
helpful.
- The hardcoded maildir: and quota_rule stuff won't get in like
that. :) They'll have to be configurable somehow. Actually couldn't
the whole configuration have been just like with ldap db? (Or actually
the ldap config is a bit annoying, I was planning on making the user/
pass_attrs be configured a bit differently.)
- Passing in_od_info->mem_pool all around just seems to make the
code more confusing, since I doubt it's ever going to be anything else
than system_pool?
- CRAM-MD5 and APOP request/response handler stealing is pretty
evil, especially with the duplicated structs. I'm sure there's a
better way, although probably requires larger changes.
- There are a lot of imap/pop3 references. How would e.g.
managesieve work?
- I'd change several if + i_error() checks to just i_assert()s.
