ClearFoundation Tracker - ClearOS
View Issue Details
0005661ClearOSapp-base - Base Systempublic2015-10-16 20:282021-11-09 04:25
user2 
 
normalminorhave not tried
closedsuspended 
7.1.0 
 
0005661: Review user auth event
Authentication failures will trigger the event system. This can get very noisy on some systems:

- SMTP authentication scanning
- SSH scanning
- etc.

Review.
No tags attached.
Issue History
2015-10-16 20:28user2New Issue
2015-10-16 20:32user2Assigned To => user2
2015-10-16 20:32user2Statusnew => confirmed
2015-10-17 01:46NickHNote Added: 0002031
2015-11-09 20:25user2Note Added: 0002081
2015-11-12 12:55user2Categoryapp-events - Events System => app-base - Base System
2015-11-12 12:55user2Target Version => 7.1.0 Updates
2015-11-22 20:40user2Target Version7.1.0 Updates => 7.2.0 Updates
2016-08-14 01:56NickHNote Added: 0003731
2016-08-14 03:06NickHNote Added: 0003741
2016-08-15 11:03user2Note Added: 0003751
2016-08-30 09:57user2Target Version7.2.0 Updates =>
2018-12-14 12:11user2Statusconfirmed => assigned
2018-12-14 12:11user2Assigned Touser2 => tracker
2021-11-09 04:25NickHNote Added: 0015921
2021-11-09 04:25NickHStatusassigned => closed
2021-11-09 04:25NickHAssigned Totracker =>
2021-11-09 04:25NickHResolutionopen => suspended

Notes
(0002031)
NickH   
2015-10-17 01:46   
There is a very old thread, http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,45410/ [^] (now https://www.clearos.com/clearfoundation/social/community/pam-unix-authentication-failure [^]) which more or less just changes a little rule ordering, allowing authentication to take place against ldap before it tries other methods. I don't understand or have not researched) the other changes fully (try_first_pass, use_first_pass etc) but I've been using the changes from when I implemented them in the thread with no obvious ill effects (but I am in a home environment so not so much at threat)
(0002081)
user2   
2015-11-09 20:25   
More examples from the forums - https://www.clearos.com/clearfoundation/social/community/clearos-7-1-final-released-discussion#reply-96171 [^]

- If I configure a password in my email client for SMTP, it can send email too (Good!). However, then I can see on the Dashboard "Event notifications" that I get SMTP Authentication Error every time my email client contact the SMTP server. Why? The password is correct and the username is defined in my ClearOS server and so is the email address...

- POP-password is required for the email client to pick up email (Good!). However, whenever the email client contacts the POP server and check if there are any emails to fetch, I also get a POP Authentication Error in the Dashboard Event Notifications. Since I have my email client to check for incomming mail every minute I pretty soon get several hundreds of these error messages turning the event notification into a pretty useless feature.
(0003731)
NickH   
2016-08-14 01:56   
The official RedHat solution has been published at https://access.redhat.com/solutions/881103. [^] It looks like a variation on a theme.

Please can this old bug be resolved now there is an official RedHat solution?
(0003741)
NickH   
2016-08-14 03:06   
Forget it. The RedHat solution does not work:
Aug 14 09:17:35 server saslauthd[4264]: PAM unable to dlopen(/lib64/security/pam_sss.so): /lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
Aug 14 09:17:35 server saslauthd[4264]: PAM adding faulty module: /lib64/security/pam_sss.so

It also removes references to pam_ldap.so.

Digging even further, it looks like the function of pam_ldap.so was taken over by pam_sss.so from the sssd package, but this is not installed in ClearOS 6 or 7.
(0003751)
user2   
2016-08-15 11:03   
The issue is still scheduled for 7.2.0 Updates, so it's still a high priority (relatively speaking). Thanks for keeping an eye on it!
(0015921)
NickH   
2021-11-09 04:25   
Migrated to https://gitlab.com/clearos/clearfoundation/app-base/-/issues/41 [^]