Blacklist & Whilelist IP's from server?

Alexander Dalloz ad+lists at uni-x.org
Fri Aug 5 03:28:35 UTC 2005 

Am Do, den 04.08.2005 schrieb Lars E. Pettersson um 22:46:

> On 08/03/2005 05:38 PM, Alexander Dalloz wrote:
> > For applications where PAM auth is involved I recommend to have a look
> > at pam_abl: http://www.hexten.net/sw/pam_abl/. It is available through
> > Fedora Extras ( 3 + 4).

> I installed this package (thanks Alexander for making into extras) but
> got into one problem, it blacklists all connections to my dovecot
> imap-server, even the one that are successful.

pam_abl would/should only blacklist those hosts or users with over the
limit failed login/auth attempts. You say each IMAP connection to the
dovecot server triggers a failed attempt and leads to blocking the user?

> The only thing I changed was the following:
> 
> --- system-auth.0       2005-07-29 11:56:39.000000000 +0200
> +++ system-auth 2005-08-04 01:12:16.000000000 +0200
> @@ -2,6 +2,7 @@
>  # This file is auto-generated.
>  # User changes will be destroyed the next time authconfig is run.
>  auth        required      pam_env.so
> +auth   required        /lib/security/pam_abl.so
> config=/etc/security/pam_abl.conf
>  auth        sufficient    pam_unix.so likeauth nullok
>  auth        required      pam_deny.so

The PAM setup looks proper. What did you configure with pam_abl.conf?

> My knowledge of PAM is not that great, so I am not sure how to find the
> root of this error. The dovecot installation is more or less standard,
> and I have not changed anything in the dovecot pam file.

It may be helpful to see the output of "pam_abl -rv". Maybe you can
provide logs from the IMAP server as well. Feel free to enter a bugzilla
ticket.

> Lars

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp 
Serendipity 05:22:26 up 3:25, 19 users, 0.59, 0.78, 0.86 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050805/e1a1c77a/attachment-0001.sig>

More information about the fedora-list mailing list