On Wed, 2008-06-04 at 19:21 -0400, Jurvis LaSalle wrote:
> Hi,
>
> We've had some issues with auth. /var/log/secure is full of 1000s of
> these lines:
>
> Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth):
> authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=
> rhost=127.0.0.1 user=user123

Someone's trying to brute-force in?

> Users can usually login OK with their ldap credentials, but
> occasionally logins slow to a crawl if not outright fail, esp people
> checking mail through Squirrelmail. Things get better after a dovecot
> restart.

You used blocking=yes with PAM, which means the PAM processes get reused. This might be why restarting helps. Have you tried how it works without the blocking=yes?

> Googling around, I thought if we switched the order or
> disabled the second passdb we had configured for our dovecotadmin
> account, these failures would go away but that did not happen.

What do you mean second passdb? There's only one passdb in your dovecot -n output:

> passdb:
>   driver: pam
>   args: blocking=yes
> userdb:
>   driver: passwd
>   args: blocking=yes

Anyway, one sure way to reduce PAM problems would be to get rid of it and just configure Dovecot to use LDAP directly.
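One way to check the brute-force question against the log format quoted above, as an added example that is not part of the original message: it groups pam_unix failures for the dovecot service by rhost and user. The sample lines, the thresholds and the pattern names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted in the message (not real log data).
SAMPLE = """\
Jun 4 19:12:08 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=user123
Jun 4 19:12:09 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=user123
Jun 4 19:12:11 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=127.0.0.1 user=user123
Jun 4 19:13:40 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.0.2.10 user=alice
Jun 4 19:13:41 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.0.2.10 user=bob
Jun 4 19:13:42 khan dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=192.0.2.10 user=carol
Jun 4 19:14:00 khan sshd[123]: Accepted password for alice from 192.0.2.20 port 4000 ssh2
"""

# user= is treated as optional so a line without it is still counted.
FAIL = re.compile(r"pam_unix\(dovecot:auth\): authentication failure;"
                  r".*?\brhost=(\S*)(?:\s+user=(\S+))?")

def summarize(lines, many_users=3, many_failures=3):
    """Group failures by rhost; thresholds are illustrative assumptions."""
    by_rhost = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAIL.search(line)
        if m:
            by_rhost[m.group(1) or "(none)"][m.group(2) or "(none)"] += 1
    report = {}
    for rhost, users in by_rhost.items():
        total = sum(users.values())
        if len(users) >= many_users:
            pattern = "many-accounts"      # one source failing across several accounts
        elif total >= many_failures:
            pattern = "repeated-account"   # same account failing over and over
        else:
            pattern = "sporadic"
        report[rhost] = {
            "failures": total,
            "users": sorted(users),
            "pattern": pattern,
            # Loopback: the connection came from the mail host itself (for
            # example a local webmail front end), so the end client is not shown.
            "loopback": rhost.startswith("127.") or rhost == "::1",
        }
    return report

if __name__ == "__main__":
    for rhost, info in summarize(SAMPLE.splitlines()).items():
        print(rhost, info)
```

A "repeated-account" result on a loopback rhost, as in the quoted line, cannot be attributed from this log alone; the front end's own access log is where the client address would be.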