On 23/03/2022 11:47 mj lists@merit.unu.edu wrote:
Hi,
We are logging failed authentication attempts, with the attempted password as auth_verbose_passwords=sha1.
The question: is it possible to configure auth_verbose_passwords=plain for a specific user only? Turning it on globally would be too much sensitive information for the purpose.
Reason:
We are currently observing a high number of failed authentications for a specific user, coming from *many* different IPs across the globe, with most IPs only trying once or twice, making this difficult to block. The number of failed authentications causes this account to regularly become blocked in AD.
We would like to know if they are trying older actual passwords from the user, or if it's just a dictionary attack.
Thanks!
Well, is the sha1 value the same every time? If it is, then they are trying the same password each time.
Aki
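Added example, not part of the original thread: one way to run the comparison suggested above over the auth log, counting distinct SHA1 values for one user and checking them against hashes of that user's earlier passwords. The log line layout, the unsalted SHA-1 hex encoding, the `summarize` helper, and all users, IPs and passwords are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import Counter

def sha1_hex(password):
    # Assumption: the logged value is the unsalted SHA-1 hex digest of the password.
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def fail_line(user, ip, password):
    # Constructed sample line; the layout is an assumed Dovecot auth failure format.
    return (f"Mar 23 11:40:01 mx dovecot: auth: ldap({user},{ip},<sess>): "
            f"Password mismatch (SHA1 of given password: {sha1_hex(password)})")

# Constructed sample log: four failures for jdoe, one for another user.
SAMPLE_LOG = "\n".join([
    fail_line("jdoe", "198.51.100.7", "123456"),
    fail_line("jdoe", "203.0.113.9", "Spring2019!"),
    fail_line("jdoe", "192.0.2.44", "123456"),
    fail_line("alice", "192.0.2.44", "password"),
    fail_line("jdoe", "203.0.113.80", "Spring2019!"),
])

LINE_RE = re.compile(
    r"auth: \w+\((?P<user>[^,)]+),(?P<ip>[^,)]+).*?"
    r"\(SHA1 of given password: (?P<sha1>[0-9a-f]{40})\)")

def summarize(log_text, user, old_passwords):
    """Summarize failed logins for `user`.

    old_passwords maps a label to a previous password supplied by the
    account owner (hypothetical input); only labels are reported back.
    """
    hashes, ips = Counter(), set()
    for m in LINE_RE.finditer(log_text):
        if m["user"] == user:
            hashes[m["sha1"]] += 1
            ips.add(m["ip"])
    known = {sha1_hex(pw): label for label, pw in old_passwords.items()}
    return {
        "attempts": sum(hashes.values()),
        "source_ips": len(ips),
        "distinct_passwords": len(hashes),  # 1 means the same password every time
        "matched_old": sorted(known[h] for h in hashes if h in known),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, "jdoe", {"previous-2019": "Spring2019!"}))
```

A non-empty `matched_old` points to reuse of a leaked earlier password, while many distinct hashes with no match is consistent with a dictionary attack.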