On 22 Nov 2023, at 14:49, Alexander Bokovoy <aboko...@redhat.com> wrote:
> On Tue, 21 Nov 2023, Francis Augusto Medeiros-Logeay via FreeIPA-users wrote:
> > Hi,
> >
> > I recently started to use FreeIPA for LDAP login for my mail server (dovecot). I wonder if it is possible to disable user locking when failed requests come from dovecot. That’s because it already has fail2ban enabled there, and I feel that it should block logins from a particular IP, not user login per se. At the same time, I’d like to keep user lock for the other logins.
> >
> > Is this doable?
>
> No. This cannot be done -- a client cannot tell the LDAP (or KDC) server that it is a 'trusted one'. When authentication comes, it is all about user login, not where that login is coming from.

Thanks Alexander. I don’t think this will change your answer, but the feature I asked about was not about “the client telling that it is a trusted one”, but being able to set password policies based on which IP the request comes from. When the mail server authenticates towards FreeIPA, it gets pretty chaotic if the user changes the password and has the phone, iPad, work and home computers trying to authenticate with the older password.

Best,
Francis

> --
> / Alexander Bokovoy
> Sr. Principal Software Engineer
> Security / Identity Management Engineering
> Red Hat Limited, Finland