Jurvis LaSalle wrote:
On Jun 4, 2008, at 8:54 PM, Timo Sirainen wrote:
On Wed, 2008-06-04 at 20:02 -0400, Jurvis LaSalle wrote:
Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=user123
Someone's trying to brute-force in?
sorry. i changed that from a valid username at our site to user123. nearly all of the errors are for valid accounts.
Are there any valid logins at all then?
I'm not sure I understand your question. Here's my observations: when I
$ telnet localhost 143 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'.
- OK Dovecot ready. 1 login validLDAPaccount XXXXX 1 OK Logged in. 2 logout
- BYE Logging out 2 OK Logout completed. Connection closed by foreign host.
I see in /var/log/secure an error like this:
Jun 5 12:37:46 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=validLDAPaccount
So the user was logged in, but an error was logged for some reason.
OTOH, when I log in using the dovecotadmin account, no error is logged. I've tried changing the order of the passdb sections and removing the dovecotadmin section entirely, but an error is always logged for an LDAP user even though they successfully login.Does that answer your question? Please let me know if I can provide any additional info to figure this out. I'll work on removing PAM from the equation as auth locked up on us again while I was writing this even though I removed the blocking=yes from the passdb:driver:pam section.
Thanks, JL
Hello,
The first time i tried out dovecot, although it preformed quite nicely after the login, i remember having a bit of lag when the client was first logging in. At the time i was using LDAP backend for user authetication.
Now i can't recall if i was getting the same type of error you show from your log file, but i do recall that same "wait" uppon login. My problem was that, by default, dovecot would ALSO check using PAM/passwd backends, before going for the LDAP backend.
Right after i eliminated the PAM/passwd passdb definitions ALL dovecot's operations were blazing fast.
I'm not saying that's your problem, but it's worth checking.
Regards,
Hugo Monteiro.
-- ci.fct.unl.pt:~# cat .signature
Hugo Monteiro Email : hugo.monteiro@fct.unl.pt Telefone : +351 212948300 Ext.15307
Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt apoio@fct.unl.pt
ci.fct.unl.pt:~# _