[Dovecot] auth issues on centos5 with ldap backend
Timo Sirainen
tss at iki.fi
Thu Jun 5 02:44:54 EEST 2008
On Wed, 2008-06-04 at 19:21 -0400, Jurvis LaSalle wrote:
> Hi,
>
> We've had some issues with auth. /var/log/secure is full of 1000s of
> these lines:
>
> Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth):
> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
> rhost=127.0.0.1 user=user123

Someone's trying to brute-force in?

> Users can usually login OK with their ldap credentials, but
> occasionally logins slow to a crawl if not outright fail, esp people
> checking mail through Squirrelmail. Things get better after a dovecot
> restart.

You used blocking=yes with PAM, which means the PAM processes get
reused. This might be why restarting helps. Have you tried how it works
without the blocking=yes?

> Googling around, I thought if we switched the order or
> disabled the second passdb we had configured for our dovecotadmin
> account, these failures would go away but that did not happen.

What do you mean second passdb? There's only one passdb in your
dovecot -n output:

> passdb:
>   driver: pam
>   args: blocking=yes
> userdb:
>   driver: passwd
>   args: blocking=yes

Anyway, one sure way to reduce PAM problems would be to get rid of it
and just configure Dovecot to use LDAP directly.
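
Added example, not part of the original message or of Dovecot: a small triage script for the pam_unix failure lines quoted above, tallying failures per user and per rhost so you can tell a few hammered accounts from failures spread across everyone. The sample lines are constructed in the quoted format, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format quoted in the thread; users and counts are made up.
_F = "authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1"
SAMPLE = "\n".join([
    f"Jun  4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth): {_F} user=user123",
    f"Jun  4 19:12:11 khan dovecot-auth: pam_unix(dovecot:auth): {_F} user=user123",
    f"Jun  4 19:12:15 khan dovecot-auth: pam_unix(dovecot:auth): {_F} user=user456",
    f"Jun  4 19:12:19 khan dovecot-auth: pam_unix(dovecot:auth): {_F} user=user123",
    f"Jun  4 19:12:25 khan dovecot-auth: pam_unix(dovecot:auth): {_F}",
    "Jun  4 19:12:40 khan crond[2211]: constructed unrelated line",
])

# timestamp, host, process tag, then the pam_unix auth-failure message
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+\s"
                  r"pam_unix\(([^:)]+):auth\):\sauthentication failure;\s(.*)$")
# key=value pairs; values may be empty (logname=, ruser=)
KV = re.compile(r"(\w+)=(\S*)")

def parse_failures(text):
    """Yield one dict per pam_unix authentication-failure line; skip everything else."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        fields = dict(KV.findall(m.group(3)))
        yield {"ts": m.group(1), "service": m.group(2),
               # a missing or empty field is reported as "(none)"
               "user": fields.get("user") or "(none)",
               "rhost": fields.get("rhost") or "(none)"}

def summarize(text, threshold=3):
    """Count failures per user and rhost; list users at or above the threshold."""
    events = list(parse_failures(text))
    by_user = Counter(e["user"] for e in events)
    by_rhost = Counter(e["rhost"] for e in events)
    return {"total": len(events), "by_user": by_user, "by_rhost": by_rhost,
            "repeat_users": sorted(u for u, n in by_user.items() if n >= threshold),
            # True when every failure arrived over loopback, so rhost cannot
            # identify the real client (e.g. a webmail front end on the same host)
            "local_only": bool(events) and set(by_rhost) <= {"127.0.0.1", "::1"}}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When `local_only` is true, the client address has to come from the logs of whatever connects locally, such as the webmail server's access log.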