similar to: POP3 dictionary attacks

Dear all, I've been looking into hacking with some PAM modules, and thought I could learn from the OpenSSH source (it's probably the closest thing to a canonical cross-platform consumer of the API). One thing I've noticed I don't understand though is how OpenSSH's invocation of do_pam_session/setcred can work (in main of the process forked in sshd.c). Ignoring privsep for the

Works great with all the beta versions. I installed RC1 and get massive authentication failures. auth_debug_passwords = yes auth_master_user_separator=* auth default_with_listener { mechanisms = plain passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes #pass =yes } passdb passwd-file { # Path for passwd-file

>Using OpenSSH 3.1p1 on a Sun Solaris 7 box, I disabled an account using the >'passwd -l ...' command to lock the users password. However, the user can >still access the system via ssh. Whilst I could do other things such as >moving their .ssh directory, removing their account home directory, etc, >etc, is there some 'nicer' way to inform ssh that the account is now

Should pam_setcred() be called if pam_authenticate() wasn't called? I would say not; both of these functions are in the authenticate part of pam. It seems the the 'auth' part of pam config controls which modules get called, so if you didn't to _authenticate() you shouldn't do _setcred(). thx /fc

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any way to disable logging of failures during pam_authenticate? I ask because OpenSSH is currently generating an extra "authentication failure..." message at each login. The problem is that OpenSSH likes to try a blank password attempting any other authentication. This is a shortcut for anonymous SSH servers (e.g. OpenBSD's

The auth-pam.c of sshd server contains a small flaw that allows empty password logins even if "PermitEmptyPasswords" option in the sshd config file is set to "no". The scenario is as follows: Using ssh the user tries to logon to the machine using an account that has empty password. If the user presses enter on the password prompt (NULL password) access is

Hi, I have a login issue. I do everything I can think of, but can't login. My .conf file is at http://kabuto.kunduz.org/dovecot.conf and I make slight changes everytime I try a new thing. I last set disable_plaintext_auth to yes and when I try to login using Thunderbird, I get *Code:* Sending of username did not succeed. Mail server mail.somedomain.org responded: Plaintext

Hello all, Following the Dovecot wiki and migration help, we recently migrated our core IMAP systems from Courier to Dovecot on Solaris. So far it's been working great, but I have one issue that I'm curious about. Just as the docs mention, we also use "syslog_facility = mail" for logging. Unlike in the past, failed PAM auth attempts are now getting logged as mail.error: Nov

>Neither the Sun PAM documentation nor the Linux-PAM documentation >describe the semantics of PAM_REINITIALIZE_CREDS in any useful detail. I would agree it is vague, but then that is also a problem with the XSSO document (http://www.opengroup.org/onlinepubs/008329799/) >Could we please have a clarification on the semantics of >PAM_CRED_ESTABLISH vs. the semantics of

On 07 Apr 2016, at 19:02, Mobile Phone <cell at eceb.co.uk> wrote: > > pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication > failure (password mismatch?) (given password: YesThisWasTheCorrectPassword) .. > Why it this bouncing 25% + of IMAP AUTH LOGINs? PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things.

When I open the mail client (thunderbird), I can access the mailboxes and all of a sudden, I am loosing the authenticated session. Any idea's where to look? Jan 17 12:42:04 mail04 dovecot: imap-login: Login: user=<usertest>, method=PLAIN, rip=192.168.10.219, lip=192.168.10.44, mpid=13403, TLS, session=<NsYo4qV/CNfAqArb> Jan 17 12:42:04 mail04 dovecot: imap(usertest): Debug:

Hello, I would like to ask for your help. I have noticed some error messages issued by dovecot. Mar 13 20:00:57 relay dovecot: auth-worker(default): pam(example at example.com): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?) Not surprisingly $ l /etc/pam.d/dovecot ls: /etc/pam.d/dovecot: No such file or directory The funny thing is that authentication does work

Hi List, I have a problem with auth for just one user: dovecot: Sep 30 09:56:16 Info: auth(default): new auth connection: pid=3809 dovecot: Sep 30 09:56:17 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AGoucnVpc0BtZXJreC12ZXJrZXJrLm5sAGJsb2VtMDEh dovecot: Sep 30 09:56:17 Info: auth(default): pam(j.ruis at

The initial problem I was seeing after upgrade from 2.0beta5 to 2.0beta6 was error messages from my Android phone K9 client that dovecot was reporting -1 messages in various mailboxes. These mailboxes do have the special "Mail System Internal Data" message in them. In trying to get more information for debugging, I tried toenable rawlog using the same configuration I used successfully

Hi Everyone, I made some small changes in my dovecot setup to switch it from looking up users and passwords from a mix of ldap (i.e. freeipa) and password files. One of the changes was to switch from using one id for all authentication to using individual ids) It's working fine with Evolution. I have one account authenticating with GSSAPI, which is my userid for logging into my desktop and

Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any

Hello All, I have run into a situation where a user exiting from a PAM_KERBEROS-authenticated session runs the risk of deleting a kinit-generated credentials file that was already sitting on the server. I will explain the problem in detail, but let me begin with my question. It has a specific reference to PAM_KERBEROS, but it can also be a general question. If a user (ssh) session was

Hello, I am trying to get dovecot to use virtual users and authenticate using PAM+kerberos against Active Directory and I am running into some problems. I followed the tutorials from the wiki page from: http://www.linuxmail.info/active-directory-dovecot-pam-authentication/ And here is what I get from the /var/log/mail log: Nov 26 15:12:27 housigma20 dovecot: auth(default): client in:

Red Hat 8.0 stock dovecot 99.10 for a variety of reasons, I decided to cut over to dovecot this morning. I extracted all of my mailboxes from mbx purgatory back to mbox purgatory, set up dovecot and proceed to get authentication failures. (am using simple password based authentication either direct or through pam) I turned authentication verbosity on and got: Aug 14 11:51:38 harvee dovecot:

Hi, im using 0.99 stable in RPM form, Im using this for postfix+dovecot+real unix users, now i tried to enable virtual support with this: protocols = imap pop3 ssl_disable = yes log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot.info login_user = dovecot mail_extra_groups = mail auth = default auth_mechanisms = plain auth_passdb = pam auth_userdb = passwd auth_userdb =