exempt local auth-client UNIX socket from failed login penalty // add to login_trusted_networks ?
Hi,
I'm using Dovecot v2.2 with unix_listener auth-client { } to verify passwords for a different service. However, it looks like auth_failure_delay affects all connects going through that socket.
I mean:
connect /var/run/dovecot2.2/auth-client
attempt bad auth
2s penalty
NO
disconnect
==> Note, it's another connection almost immediately following each
connect /var/run/dovecot2.2/auth-client
attempt good auth
2s penalty
OK
disconnect
Can I disable auth_failure_delay for local UNIX sockets? How do I add it to login_trusted_networks?
Steffen Kaiser
On 24 Jun 2016, at 13:33, Steffen Kaiser skdovecot@smail.inf.fh-brs.de wrote:
> Hi,
> I'm using Dovecot v2.2 with unix_listener auth-client { } to verify passwords for a different service. However, it looks like auth_failure_delay affects all connects going through that socket.
> I mean:
> connect /var/run/dovecot2.2/auth-client
> attempt bad auth
> 2s penalty
> NO
> disconnect
> ==> Note, it's another connection almost immediately following each
> connect /var/run/dovecot2.2/auth-client
> attempt good auth
> 2s penalty
> OK
> disconnect
> Can I disable auth_failure_delay for local UNIX sockets? How do I add it to login_trusted_networks?
If you add the no-penalty parameter to the AUTH command, you avoid the penalty.
On Wed, 29 Jun 2016, Timo Sirainen wrote:
> On 24 Jun 2016, at 13:33, Steffen Kaiser skdovecot@smail.inf.fh-brs.de wrote:
>> I'm using Dovecot v2.2 with unix_listener auth-client { } to verify passwords for a different service. However, it looks like auth_failure_delay affects all connects going through that socket.
>> I mean:
>> connect /var/run/dovecot2.2/auth-client
>> attempt bad auth
>> 2s penalty
>> NO
>> disconnect
>> ==> Note, it's another connection almost immediately following each
>> connect /var/run/dovecot2.2/auth-client
>> attempt good auth
>> 2s penalty
>> OK
>> disconnect
>> Can I disable auth_failure_delay for local UNIX sockets? How do I add it to login_trusted_networks?
> If you add the no-penalty parameter to the AUTH command, you avoid the penalty.
Oh, I did miss the doc when I grepped for "penalty" in the source tree. For the archive, it's documented in the wiki Design/AuthProtocol. It seems to work like a charm. Thank you.
Steffen Kaiser
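Added example, not part of the original thread and not Dovecot's own code: a small Python client for the auth-client socket that puts the no-penalty parameter named in the reply above on its AUTH request, using the PLAIN mechanism. The service name "myservice" and all function names are assumptions made for illustration; the socket path is the one from the first message.

```python
import base64
import os
import socket

def build_auth_line(req_id, user, password, service, no_penalty=True):
    """Build one tab-separated AUTH request line for the PLAIN mechanism."""
    if any(c in service for c in "\t\r\n"):
        raise ValueError("service must not contain TAB, CR or LF")
    # PLAIN initial response is authzid NUL authcid NUL password, base64-encoded,
    # so user and password can never break the tab-separated framing.
    resp = base64.b64encode(b"\0" + user.encode() + b"\0" + password.encode())
    fields = ["AUTH", str(req_id), "PLAIN", "service=" + service]
    if no_penalty:
        fields.append("no-penalty")          # the parameter named in the thread
    fields.append("resp=" + resp.decode())   # resp= has to be the last parameter
    return "\t".join(fields) + "\n"

def parse_reply(line):
    """Split a server reply into (status, request id, parameter list)."""
    parts = line.rstrip("\n").split("\t")
    return parts[0], int(parts[1]), parts[2:]

def authenticate(sock, user, password, service="myservice", req_id=1):
    """Handshake plus one AUTH on a connected socket; True only on OK."""
    with sock.makefile("r", encoding="utf-8", newline="\n") as rf:
        # Client greeting: protocol version (major must match) and our PID.
        sock.sendall(("VERSION\t1\t1\nCPID\t%d\n" % os.getpid()).encode())
        for line in rf:                      # server handshake ends with DONE
            if line.rstrip("\n") == "DONE":
                break
        else:
            raise ConnectionError("auth socket closed during handshake")
        sock.sendall(build_auth_line(req_id, user, password, service).encode())
        for line in rf:
            status, rid, _params = parse_reply(line)
            if rid == req_id:
                return status == "OK"        # FAIL or an unexpected CONT fail closed
    raise ConnectionError("auth socket closed before a reply arrived")

def check_password(path, user, password, service="myservice"):
    """Connect to the auth-client UNIX socket at path and verify one login."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        return authenticate(s, user, password, service)
```

Call it as check_password("/var/run/dovecot2.2/auth-client", user, password). Because no-penalty switches off penalty tracking for the request, the calling service has to throttle failed logins itself, and the mode, user and group on the unix_listener should admit only that service.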
participants (2)
- Steffen Kaiser
- Timo Sirainen