On Wed, 2008-06-04 at 19:21 -0400, Jurvis LaSalle wrote:
Hi,
We've had some issues with auth. /var/log/secure is full of 1000s of
these lines:

Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=user123

Someone's trying to brute-force in?
Users can usually log in OK with their LDAP credentials, but
occasionally logins slow to a crawl if not outright fail, esp people
checking mail through Squirrelmail. Things get better after a dovecot
restart.
You used blocking=yes with PAM, which means the PAM processes get reused. This might be why restarting helps. Have you tried how it works without the blocking=yes?
Googling around, I thought if we switched the order or
disabled the second passdb we had configured for our dovecotadmin
account, these failures would go away but that did not happen.
What do you mean second passdb? There's only one passdb in your dovecot -n output:

    passdb:
      driver: pam
      args: blocking=yes
    userdb:
      driver: passwd
      args: blocking=yes

Anyway, one sure way to reduce PAM problems would be to get rid of it and just configure Dovecot to use LDAP directly.
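
To check the brute-force question against the log itself, the following added example (not part of the original thread) tallies the pam_unix failure lines quoted above by rhost and user. The sample lines other than the first, the 192.0.2.10 address, the extra user names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Matches the pam_unix failure line quoted in the thread. The key=value tail
# can hold empty values (logname=, ruser=), so values are matched with \S*.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\sdovecot-auth:\s"
    r"pam_unix\(dovecot:auth\):\sauthentication failure;\s(?P<kv>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_failure(line):
    """Return the fields of a dovecot pam_unix failure line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(KV_RE.findall(m.group("kv")))
    fields["ts"] = m.group("ts")
    return fields

def summarize(lines, threshold=3):
    """Count failures per rhost and flag sources at or above threshold."""
    failures = Counter()
    users = defaultdict(set)
    for line in lines:
        f = parse_failure(line)
        if f is None:
            continue  # unrelated syslog line
        rhost = f.get("rhost") or "(none)"
        failures[rhost] += 1
        users[rhost].add(f.get("user", ""))
    return {
        rhost: {
            "failures": n,
            "distinct_users": len(users[rhost]),
            # Loopback: the connection to Dovecot came from the same host
            # (for example a webmail front end), so the client address
            # has to be taken from that front end's own logs.
            "local": rhost in ("127.0.0.1", "::1"),
            "flag": n >= threshold,
        }
        for rhost, n in failures.items()
    }

# Constructed sample input (first line is the one quoted in the thread).
_T = ("Jun 4 19:1{} khan dovecot-auth: pam_unix(dovecot:auth): authentication "
      "failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost={} user={}")
SAMPLE = [_T.format("2:08", "127.0.0.1", "user123"),
          _T.format("2:09", "127.0.0.1", "user456"),
          _T.format("2:11", "127.0.0.1", "user123"),
          _T.format("3:02", "192.0.2.10", "admin"),
          "Jun 4 19:13:05 khan crond[1234]: (root) CMD (run-parts /etc/cron.hourly)"]
```

Many distinct users from one rhost points at guessing; repeated failures for the same few users from loopback points at a local client retrying.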