[Dovecot] auth issues on centos5 with ldap backend

Hugo Monteiro hugo.monteiro at fct.unl.pt
Thu Jun 5 20:10:52 EEST 2008


Jurvis LaSalle wrote:
>
> On Jun 4, 2008, at 8:54 PM, Timo Sirainen wrote:
>
>> On Wed, 2008-06-04 at 20:02 -0400, Jurvis LaSalle wrote:
>>
>>>>> Jun  4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth):
>>>>> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
>>>>> rhost=127.0.0.1  user=user123
>>>>
>>>> Someone's trying to brute-force in?
>>>>
>>> sorry.  i changed that from a valid username at our site to
>>> user123.
>>> nearly all of the errors are for valid accounts.
>>
>> Are there any valid logins at all then?
>
> I'm not sure I understand your question.  Here's my observations: when I
>
> $ telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.localdomain (127.0.0.1).
> Escape character is '^]'.
> * OK Dovecot ready.
> 1 login validLDAPaccount XXXXX
> 1 OK Logged in.
> 2 logout
> * BYE Logging out
> 2 OK Logout completed.
> Connection closed by foreign host.
>
> I see in /var/log/secure an error like this:
>
> Jun  5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth): 
> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= 
> rhost=127.0.0.1 user=validLDAPaccount
>
> So the user was logged in, but an error was logged for some reason.  
> OTOH, when I log in using the dovecotadmin account, no error is 
> logged.  I've tried changing the order of the passdb sections and 
> removing the dovecotadmin section entirely, but an error is always 
> logged for an LDAP user even though they successfully login.
>
> Does that answer your question?  Please let me know if I can provide 
> any additional info to figure this out.  I'll work on removing PAM 
> from the equation as auth locked up on us again while I was writing 
> this even though I removed the blocking=yes from the passdb:driver:pam 
> section.
>
> Thanks,
> JL
>

Hello,

The first time I tried out dovecot, although it performed quite nicely 
after the login, I remember having a bit of lag when the client was 
first logging in. At the time I was using LDAP backend for user 
authentication.

Now I can't recall if I was getting the same type of error you show from 
your log file, but I do recall that same "wait" upon login. My problem 
was that, by default, dovecot would ALSO check using PAM/passwd 
backends, before going for the LDAP backend.

Right after I eliminated the PAM/passwd passdb definitions ALL dovecot's 
operations were blazing fast.

I'm not saying that's your problem, but it's worth checking.

Regards,

Hugo Monteiro.

-- 
ci.fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro at fct.unl.pt
Telefone : +351 212948300 Ext.15307

Centro de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.ci.fct.unl.pt	      apoio at fct.unl.pt

ci.fct.unl.pt:~# _
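
Added example, not part of the original thread or of Dovecot: a log triage sketch that separates pam_unix failures that are immediately followed by a successful login for the same user (the PAM-before-LDAP passdb fallthrough described above) from failures with no matching login, which are the ones worth reviewing as possible brute-force. It assumes the secure and mail logs have been merged in time order, that successful logins are logged in the "imap-login: Login: user=<...>" form, and a 2-second matching window; sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of merged syslog lines (users and remote address are made up).
# The failure lines follow the pam_unix format quoted in the thread; the
# "imap-login: Login:" success line is an assumed Dovecot 1.x format.
SAMPLE = """\
Jun  5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=alice
Jun  5 12:37:46 khan dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Jun  5 12:40:01 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=203.0.113.9 user=bob
Jun  5 12:40:03 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=203.0.113.9 user=bob
"""

TS = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ "
FAIL = re.compile(TS + r"dovecot-auth: pam_unix\(dovecot:auth\): "
                  r"authentication failure;.*?rhost=(\S*)\s+user=(\S+)")
OK = re.compile(TS + r"dovecot: \S+-login: Login: user=<([^>]*)>")


def parse_ts(ts, year=2008):
    # Syslog timestamps carry no year; 2008 is assumed from the post's date.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def classify(lines, window=timedelta(seconds=2)):
    """Return (fallthrough_noise, unexplained) lists of (user, rhost) tuples."""
    fails, oks = [], []
    for line in lines:
        if m := FAIL.match(line):
            fails.append((parse_ts(m[1]), m[3], m[2]))
        elif m := OK.match(line):
            oks.append((parse_ts(m[1]), m[2]))
    noise, unexplained = [], []
    for ts, user, rhost in fails:
        # A login for the same user right after the PAM failure means a later
        # passdb (here LDAP) accepted the password that pam_unix rejected.
        followed = any(u == user and timedelta(0) <= t - ts <= window
                       for t, u in oks)
        (noise if followed else unexplained).append((user, rhost))
    return noise, unexplained


if __name__ == "__main__":
    noise, unexplained = classify(SAMPLE.splitlines())
    print("fallthrough noise:", noise)
    print("unexplained failures:", unexplained)
```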
