Le 30/05/2017 à 20:16, Timo Sirainen a écrit : > https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz > https://dovecot.org/releases/2.2/dovecot-2.2.30.tar.gz.sig > > * auth: Use timing safe comparisons for everything related to > passwords. It's unlikely that these could have been used for > practical attacks, especially because Dovecot delays and flushes all > failed authentications in 2 second intervals. Also it could have > worked only when passwords were stored in plaintext in the passdb. > * master process sends SIGQUIT to all running children at shutdown, > which instructs them to close all the socket listeners immediately. > This way restarting Dovecot should no longer fail due to some > processes keeping the listeners open for a long time. > > + auth: Add passdb { mechanisms=none } to match separate passdb lookup > + auth: Add passdb { username_filter } to use passdb only if user > matches the filter. See https://wiki2.dovecot.org/PasswordDatabase Shouldn't the wiki be corrected ? we have: mechanisms: Skip, if non-empty and the current auth mechanism is listed here.
but the intended meaning is: mechanisms: Skip, if non-empty and the current auth mechanism is not listed here. Isn't it? Emmanuel.
