[Solved] Re: exempt local auth-client UNIX socket from failed login penalty // add to login_trusted_networks ?
Steffen Kaiser
skdovecot at smail.inf.fh-brs.de
Wed Jun 29 06:19:32 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 29 Jun 2016, Timo Sirainen wrote:
> On 24 Jun 2016, at 13:33, Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I'm using Dovecot v2.2 with unix_listener auth-client {
>> } to verify passwords for a different service. However, it looks like that auth_failure_delay effects all connects going through that socket.
>>
>> I mean:
>>
>> connect /var/run/dovecot2.2/auth-client
>> attempt bad auth
>> 2s penalty
>> NO
>> disconnect
>> ==> Note, it's another connection almost immediately following each
>> connect /var/run/dovecot2.2/auth-client
>> attempt good auth
>> 2s penalty
>> OK
>> disconnect
>>
>> Can I disable auth_failure_delay for local UNIX sockets?
>> How do I add it to login_trusted_networks?
>
> If you add no-penalty parameter to the AUTH command you avoid the penalty.
Oh, I did missed the doc, when I grepped for "penalty" in the source tree.
For the archive, it's documented in the wiki Design/AuthProtocol .
It seems to work like charm. Thank you.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEVAwUBV3NodHz1H7kL/d9rAQKQ2QgAwkBJ6RwWQmGRo3+F8TNohVI4w979ZA7F
ReWgZzMNdLWQbBGXEyv8TPa5hjHoBVFGV6xgLP99Fbw4WQPMSAtVptCWKKlq8InY
SNn1Pw0p1yYRkI9rvjWDN+ucsiHZ34JHIzF7UrFzaEhoaBzaQRw2oFjOv3KNAdX3
aywPJlloWKV5rmdRQI4zG8PWldxXYV7Iazim9LQzy+tIGYEqFoSJ2YPUiZaK3InF
7IoMBEX7oTXbmlbcc2nCKrKd7BGT7+hloFyMlKJ4L4J5yKA60DCxB6KDHoi7kkYK
bxb75JOly1eX+j0ihMmcllGz2/jAZBq+ZIhuqN83t3ZXraEQpadoqw==
=+XmK
-----END PGP SIGNATURE-----
More information about the dovecot
mailing list