Jurvis LaSalle wrote:
On Jun 4, 2008, at 8:54 PM, Timo Sirainen wrote:
On Wed, 2008-06-04 at 20:02 -0400, Jurvis LaSalle wrote:
Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
rhost=127.0.0.1 user=user123
Someone's trying to brute-force in?
sorry. i changed that from a valid username at our site to
user123.
nearly all of the errors are for valid accounts.
Are there any valid logins at all then?
I'm not sure I understand your question. Here's my observations:
when I
$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
* OK Dovecot ready.
1 login validLDAPaccount XXXXX
1 OK Logged in.
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.
I see in /var/log/secure an error like this:
Jun 5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth):
authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
rhost=127.0.0.1 user=validLDAPaccount
So the user was logged in, but an error was logged for some reason.
OTOH, when I log in using the dovecotadmin account, no error is
logged. I've tried changing the order of the passdb sections and
removing the dovecotadmin section entirely, but an error is always
logged for an LDAP user even though they successfully login.
Does that answer your question? Please let me know if I can provide
any additional info to figure this out. I'll work on removing PAM
from the equation as auth locked up on us again while I was writing
this even though I removed the blocking=yes from the passdb:driver:pam
section.
Thanks,
JL
Hello,
The first time i tried out dovecot, although it preformed quite nicely
after the login, i remember having a bit of lag when the client was
first logging in. At the time i was using LDAP backend for user
authetication.
Now i can't recall if i was getting the same type of error you show from
your log file, but i do recall that same "wait" uppon login. My problem
was that, by default, dovecot would ALSO check using PAM/passwd
backends, before going for the LDAP backend.
Right after i eliminated the PAM/passwd passdb definitions ALL dovecot's
operations were blazing fast.
I'm not saying that's your problem, but it's worth checking.
Regards,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
