Redundant database query?

[Patrick Gibson]

On 29-Oct-04, at 11:44 AM, Ken Murchison wrote:

>> I'm not sure I get what you mean by selecting the same column twice 
>> -- unless I'm mistaken, the query selects the PASSWORD column just 
>> once.
>
> From the log that you posted, it looks like its selecting PASSWORD 
> twice for user 'patrick'.  Am I incorrect?

Ah yes, I see what you mean -- this is what I meant by a redundant 
query. The same query is run twice in a row.

>> As for not being able to get rid of the second query -- is this a 
>> SASL bug?
>
> Depends on your point of view.  I'd say no, but others might disagree.
>
> > I can't understand why on earth it would be doing this.
>
> SASLv1 used to save a separate secret for each SASL mechanism, e.g. 
> cmusaslsecretDIGEST-MD5, cmusaslsecretPLAIN.
>
> SASLv2 now saves only the userPassword secret which is shared amongst 
> the mechanisms (except for special cases like OTP).
>
> When each SASL mechanism goes to fetch the secret from the auxprop 
> plugin, it doesn't know if the old secret has been upgraded to the new 
> secret (which only happens with a plaintext login), so it asks for 
> both, and will use whatever it receives.

*beam of light shining on problem* Okay, that's starting to make sense 
now.

I've disabled plaintext passwords (allowplaintext: no), and now if I 
configure my email client to connect using POP3, password 
authentication, it only does one look-up for the password; however, 
IMAP logins (using password or MD5 challenge/response) still results in 
two queries being performed.

I'm pretty new to SASL, so this business of old and new secrets is a 
bit foreign to me. Given that this is a fresh setup, is there a way for 
me to force the server to assume that all old secrets have been 
upgraded to the new? Is this what the "sasl_auto_transition" option is 
for?

Thanks,

Patrick

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html