problem with authentication

Sujit Choudhury S.Choudhury at westminster.ac.uk
Thu Jul 28 11:26:11 EDT 2005


Following my earlier mail, I have forgot to mention the /etc/pamd/imap 
consists of the following lines:
#%PAM-1.0
auth            sufficient      pam_ldap.so
auth            required        pam_unix.so
auth            sufficient      pam_ldap.so
account         required        pam_unix.so

And cyrus is running on SuSE Linux 9.0.

Many thanks

Sujit

Sujit Choudhury wrote:
> We are running cyrus imapd which authenticates it's users against an 
> ldap server.  We are getting the problem if a user types the password 
> wrong, it continues to try to authenticate and after 6 retries, ldap 
> server locks out the account as intrusion detection is in place.
> 
> The /etc/imapd.conf contains the following:
> configdirectory: /var/imap
> partition-default: /var/imap/spool
> admins: john
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: plain
> altnamespace: yes
> unixhierarchysep: yes
> tls_cert_file: /var/imap/cyrus.pem
> tls_key_file: /var/imap/cyrus.pem
> virtdomains: userid
> defaultdomain: foobar.co.uk
> sendmail: /usr/sbin/sendmail
> # popminpoll: 2
> 
> Is there anything we should do to make sure that only one attempt is 
> made and it does not attempt for indefinite period.
> 
> ldap.conf is as follows:
> 
> base    o=foobar
> uri     ldap://ldap.foobar.co.uk
> tls     never
> sasl_secprops   none
> ldap_version    3
> #SIZELIMIT      12
> #TIMELIMIT      15
> #DEREF          never
> 
> Would be grateful for some ideas.
> 
> Many thanks
> 
> Sujit Choudhury
> 
> 
> 
> 
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html




More information about the Info-cyrus mailing list