Hi,
We are logging failed authentication attempts, with the attempted
password as auth_verbose_passwords=sha1
The question: is it possible to configure auth_verbose_passwords=plain
for a specific user only? Turning it on globally would be too much
sensitive information for the purpose.
Reason:
We are currently observing a high number of failed authentications for a
specific user, coming from *many* different IPs across the globe, with
most IPs only trying once or twice, making this difficult to block. The
number of failed authentications causes this account to regularly become
blocked in AD.
We would like to know if they are trying older actual passwords from the
user, or if it's just a dictionary attack.
Thanks!
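
An added example, not part of the original post: the SHA1 digests already being logged can be compared against SHA1 digests of the user's former passwords, which answers the "old passwords or dictionary" question without logging plaintext. The log line layout, the user name, the IPs and the passwords below are constructed assumptions; the regex expects the full 40-character digest.

```python
import hashlib
import re
from collections import Counter

# Assumed layout of a failed-login line with auth_verbose_passwords=sha1.
LINE_RE = re.compile(
    r"\w+\((?P<user>[^,()]+),(?P<ip>[^,()]+)[^)]*\):.*"
    r"\(SHA1 of given password: (?P<sha1>[0-9a-f]{40})\)"
)

def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def summarize(log_lines, user, former_passwords):
    """Compare logged digests for one user against that user's former passwords."""
    # Map digest -> index in former_passwords, so results never echo a password.
    known = {sha1_hex(p): i for i, p in enumerate(former_passwords)}
    hashes, ips, hits = Counter(), set(), Counter()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m or m["user"] != user:
            continue
        hashes[m["sha1"]] += 1
        ips.add(m["ip"])
        if m["sha1"] in known:
            hits[known[m["sha1"]]] += 1
    return {
        "attempts": sum(hashes.values()),
        "distinct_ips": len(ips),
        "distinct_hashes": len(hashes),  # few distinct digests = a short, reused list
        "former_password_hits": dict(hits),  # index -> number of attempts
    }

def sample_line(user, ip, attempted):
    # Constructed log line; real lines carry timestamps and session ids.
    return (f"auth: Info: ldap({user},{ip},<sid>): Password mismatch "
            f"(SHA1 of given password: {sha1_hex(attempted)})")

SAMPLE = [  # constructed input, documentation IP ranges
    sample_line("alice@example.org", "203.0.113.5", "Summer2019!"),
    sample_line("alice@example.org", "198.51.100.7", "Summer2019!"),
    sample_line("alice@example.org", "192.0.2.44", "123456"),
    sample_line("alice@example.org", "192.0.2.44", "letmein"),
    sample_line("bob@example.org", "203.0.113.9", "123456"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE, "alice@example.org", ["Summer2019!", "Winter2020!"]))
```

Hits on a former password suggest leaked credentials for this account; no hits across many distinct digests is more consistent with a dictionary run.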