Blacklist & Whilelist IP's from server?
Alexander Dalloz
ad+lists at uni-x.org
Fri Aug 5 03:28:35 UTC 2005
Am Do, den 04.08.2005 schrieb Lars E. Pettersson um 22:46:
> On 08/03/2005 05:38 PM, Alexander Dalloz wrote:
> > For applications where PAM auth is involved I recommend to have a look
> > at pam_abl: http://www.hexten.net/sw/pam_abl/. It is available through
> > Fedora Extras ( 3 + 4).
> I installed this package (thanks Alexander for making into extras) but
> got into one problem, it blacklists all connections to my dovecot
> imap-server, even the one that are successful.
pam_abl would/should only blacklist those hosts or users with over the
limit failed login/auth attempts. You say each IMAP connection to the
dovecot server triggers a failed attempt and leads to blocking the user?
> The only thing I changed was the following:
>
> --- system-auth.0 2005-07-29 11:56:39.000000000 +0200
> +++ system-auth 2005-08-04 01:12:16.000000000 +0200
> @@ -2,6 +2,7 @@
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required pam_env.so
> +auth required /lib/security/pam_abl.so
> config=/etc/security/pam_abl.conf
> auth sufficient pam_unix.so likeauth nullok
> auth required pam_deny.so
The PAM setup looks proper. What did you configure with pam_abl.conf?
> My knowledge of PAM is not that great, so I am not sure how to find the
> root of this error. The dovecot installation is more or less standard,
> and I have not changed anything in the dovecot pam file.
It may be helpful to see the output of "pam_abl -rv". Maybe you can
provide logs from the IMAP server as well. Feel free to enter a bugzilla
ticket.
> Lars
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 05:22:26 up 3:25, 19 users, 0.59, 0.78, 0.86
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050805/e1a1c77a/attachment-0001.sig>
More information about the fedora-list
mailing list