Following my earlier mail, I have forgot to mention the /etc/pamd/imap
consists of the following lines:
#%PAM-1.0
auth sufficient pam_ldap.so
auth required pam_unix.so
auth sufficient pam_ldap.so
account required pam_unix.so
And cyrus is running on SuSE Linux 9.0.
Many thanks
Sujit
Sujit Choudhury wrote:
We are running cyrus imapd which authenticates it's users against an
ldap server. We are getting the problem if a user types the password
wrong, it continues to try to authenticate and after 6 retries, ldap
server locks out the account as intrusion detection is in place.
The /etc/imapd.conf contains the following:
configdirectory: /var/imap
partition-default: /var/imap/spool
admins: john
sasl_pwcheck_method: saslauthd
sasl_mech_list: plain
altnamespace: yes
unixhierarchysep: yes
tls_cert_file: /var/imap/cyrus.pem
tls_key_file: /var/imap/cyrus.pem
virtdomains: userid
defaultdomain: foobar.co.uk
sendmail: /usr/sbin/sendmail
# popminpoll: 2
Is there anything we should do to make sure that only one attempt is
made and it does not attempt for indefinite period.
ldap.conf is as follows:
base o=foobar
uri ldap://ldap.foobar.co.uk
tls never
sasl_secprops none
ldap_version 3
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
Would be grateful for some ideas.
Many thanks
Sujit Choudhury
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html