exempt local auth-client UNIX socket from failed login penalty // add to login_trusted_networks ?

Timo Sirainen tss at iki.fi
Tue Jun 28 21:32:19 UTC 2016


On 24 Jun 2016, at 13:33, Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi,
> 
> I'm using Dovecot v2.2 with  unix_listener auth-client {
> } to verify passwords for a different service. However, it looks like that auth_failure_delay effects all connects going through that socket.
> 
> I mean:
> 
> connect /var/run/dovecot2.2/auth-client
> attempt bad auth
> 2s penalty
> NO
> disconnect
> ==> Note, it's another connection almost immediately following each
> connect /var/run/dovecot2.2/auth-client
> attempt good auth
> 2s penalty
> OK
> disconnect
> 
> Can I disable auth_failure_delay for local UNIX sockets?
> How do I add it to login_trusted_networks?

If you add no-penalty parameter to the AUTH command you avoid the penalty.



More information about the dovecot mailing list