On 5.9.2012, at 3.58, Timo Sirainen wrote:
> On 3.9.2012, at 21.26, Kelsey Cummings wrote:
>
>> passdb {
>> args = proxy=y nopassword=y
>> driver = static
>> }
>
> I wonder if someone was doing a ton of logins for different usernames? This
> kind of setup where director doesn't verify the username can be attacked that
> way.
Although the extra users should be freed from the memory after 15 minutes.
Hmm. Once Dovecot supports moving existing connections from one backend server
to another without the client noticing anything, the director could be
simplified by using consistent hashing and when the number of backends changes,
the director could start moving connections to their proper backends. During
this move new connections would be handled by 1) if old backend = new backend
just forward the connection there or 2) if they're different, request immediate
move for that user's existing connections and wait for it to be finished before
letting new connections finish. Or alternatively if the user isn't just being
moved at that time, forward the connection to the old server and let it be part
of the later move.
The main difference here is that directors wouldn't need to keep any track of
user -> backend associations. The moving period could still be a bit tricky to
handle well, especially since the situation can change again while a previous
move is still going on.
