1 Topic by bcooper

  • bcooper
  • Member
  • Offline
  • Registered: 2016-07-21
  • Posts: 5

Topic: Changed AD password but dovecot continues to allow using old password

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.5-1
- Linux/BSD distribution name and version: Centos 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP using AD
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue:
====
I changed the AD password (using active directory users and computers) but in my mail clients they are still using the old password AND working.  Both thunderbird(imap setup) and Android K-9 app (imap setup) are still using the original password and continue to be able to send and receive email with no issues.  SOGO however does require the new password to login to the webmail page.  Can any one answer why this is and how to correct this behavior so that it properly uses the new password?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Changed AD password but dovecot continues to allow using old password

Do you have auth cache in Dovecot?

3 Reply by bcooper (edited by bcooper 2016-08-05 23:33:03)

  • bcooper
  • Member
  • Offline
  • Registered: 2016-07-21
  • Posts: 5

Re: Changed AD password but dovecot continues to allow using old password

ZhangHuangbin wrote:

Do you have auth cache in Dovecot?

It does not look like it.  I could not find any auth_cache entries in any of the configuration files.
IT sort of works after awhile I did get prompted in some places that the password did not work.  However not all places reported the errors and receiving email still continued to work, though sending started failing.

Update:
I tried again to change the password.  This time sending and receiving worked on both the PC(thunderbird) and K-9(android) right after the password change.  However when I closed thunderbird and reopened it, it then prompted me to enter a password for both sending and receiving(it did not do this last time).  Then K-9 failed to send messages so I updated the password for sending only.  Receiving in K-9 is still working using the old password however.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Changed AD password but dovecot continues to allow using old password

Maybe the client keeps the opened IMAP connection without logout and re-login (like IMAP IDLE), this avoids login process so it works like you described. That's why it just asked for password for SMTP service (no alive smtp connection).

5 Reply by bcooper

  • bcooper
  • Member
  • Offline
  • Registered: 2016-07-21
  • Posts: 5

Re: Changed AD password but dovecot continues to allow using old password

Ok,  Is there a way to turn that feature off (not sure if that is a good idea?)?

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,788

Re: Changed AD password but dovecot continues to allow using old password

This is a core feature of Dovecot IMAP server, you cannot turn it off server-side. Maybe you can exit MUA, then re-launch it?