Zitat von Michael Martinell <michael.martin...@itctel.com>:

-----Original Message-----
From: imp [mailto:imp-boun...@lists.horde.org] On Behalf Of Andy
Dorman
Sent: Thursday, September 08, 2016 4:35 PM
To: imp@lists.horde.org
Subject: Re: [imp] "horde imp" lock out after x failed login attempts

On 09/08/2016 03:53 PM, Michael Martinell wrote:
We have ours configured to use imp for authentication.  Count bad
logins is checked.  Login_block_count is 5.  Login_block_time is 5.
 Login_block is checked.

It does not lock the user out even after several bad attempts.

Michael Martinell
Internet Systems Technician
Interstate Telecommunications Coop., Inc.

-----Original Message-----
From: imp [mailto:imp-boun...@lists.horde.org] On Behalf Of Arjen de
Korte
Sent: Thursday, September 08, 2016 3:44 PM
To: imp@lists.horde.org
Subject: Re: [imp] "horde imp" lock out after x failed login attempts

Citeren Michael Martinell <michael.martin...@itctel.com>:

We are looking for a way to lock a user out of webmail after a
configurable amount of failed login attempts.  Preferably this would
redirect the user to a different web page directing them to call
support.  I am unable to locate this information anywhere in the
documentation.  What options exist that would support this?

See the 'Authentication' tab in the Horde configuration. It will
allow you to set limits on failed logins and how long to block users
after this limit has been exceeded.

Michael Martinell
Internet Systems Technician


What do your logs say when this happens?

This is what I see in the logs when I put in the wrong password.
Sep  9 08:03:40 www001 HORDE: [imp] [login] Mail server denied
authentication. [pid 14232 on line 730 of
"/usr/local/www/sites/horde5.itctel.com/imp/lib/Imap.php"]
Sep  9 08:03:40 www001 HORDE: [horde] FAILED LOGIN for itc_mmartinell
to horde (75.102.161.136) [pid 14232 on line 199 of
"/usr/local/www/sites/horde5.itctel.com/login.php"]


I can try it with the wrong password as many times as I want, but it
never seems to lock it out.  As soon as I put in the correct password,
I immediately get logged in.  It does not appear to be locking the
account for 5 minutes after 5 failed retries.

In this case I failed to login 10 times, receiving the above message
every time.  As soon as I put in the correct password I immediately
logged in without error.

Sep  9 08:04:32 www001 HORDE: [imp] Login success for itc_mmartinell
(75.102.161.136) to {imap://mail001.internal.itctel.com/} [pid 14223
on line 157 of
"/usr/local/www/sites/horde5.itctel.com/imp/lib/Auth.php"]

Do you have the History and Lock systems configured and working?

--
Jan Schneider
The Horde Project
http://www.horde.org/

--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ To unsubscribe, mail: imp-unsubscr...@lists.horde.org

I am not sure where the documentation for these settings are at. Where are the instructions for this?

Here is what I have:

From Imp conf.php
$conf['maillog']['driver'] = 'history';


From Horde conf.php
$conf['auth']['params']['app'] = 'imp';
$conf['auth']['driver'] = 'application';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 5;
$conf['auth']['params']['login_block_time'] = 5;
$conf['signup']['allow'] = false;

See the 'history' and 'lock' settings in Horde's conf.php.

--
Jan Schneider
The Horde Project
http://www.horde.org/

--
imp mailing list
Frequently Asked Questions: http://wiki.horde.org/FAQ
To unsubscribe, mail: imp-unsubscr...@lists.horde.org

Reply via email to