On Аўт, 21 ліс 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
Hi,
I recently started to use FreeIPA for ldap login for my mail server (dovecot).
I wonder if it is possible to disable user locking when fail requests
come from dovecot. That’s because it already has fail2ban enabled
there, and I feel that it should block logins from a particular ip, not
user login per se.
At the same time, I’d like to keep user lock for the other logins.
Is this doable?
No. This cannot be done -- a client cannot tell the LDAP (or KDC) server
that it is a 'trusted one'. When authentication comes, it is all about
user login, not where that login is coming from.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
