ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005661ClearOSapp-base - Base Systempublic2015-10-16 20:282018-12-14 12:11
Reporteruser2 
Assigned Totracker 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusassignedResolutionopen 
PlatformOSOS Version
Product Version7.1.0 
Target VersionFixed in Version 
Summary0005661: Review user auth event
DescriptionAuthentication failures will trigger the event system. This can get very noisy on some systems:

- SMTP authentication scanning
- SSH scanning
- etc.

Review.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0002031)
NickH (developer)
2015-10-17 01:46

There is a very old thread, http://www.clearfoundation.com/component/option,com_kunena/Itemid,232/catid,39/func,view/id,45410/ [^] (now https://www.clearos.com/clearfoundation/social/community/pam-unix-authentication-failure [^]) which more or less just changes a little rule ordering, allowing authentication to take place against ldap before it tries other methods. I don't understand or have not researched) the other changes fully (try_first_pass, use_first_pass etc) but I've been using the changes from when I implemented them in the thread with no obvious ill effects (but I am in a home environment so not so much at threat)
(0002081)
user2
2015-11-09 20:25

More examples from the forums - https://www.clearos.com/clearfoundation/social/community/clearos-7-1-final-released-discussion#reply-96171 [^]

- If I configure a password in my email client for SMTP, it can send email too (Good!). However, then I can see on the Dashboard "Event notifications" that I get SMTP Authentication Error every time my email client contact the SMTP server. Why? The password is correct and the username is defined in my ClearOS server and so is the email address...

- POP-password is required for the email client to pick up email (Good!). However, whenever the email client contacts the POP server and check if there are any emails to fetch, I also get a POP Authentication Error in the Dashboard Event Notifications. Since I have my email client to check for incomming mail every minute I pretty soon get several hundreds of these error messages turning the event notification into a pretty useless feature.
(0003731)
NickH (developer)
2016-08-14 01:56

The official RedHat solution has been published at https://access.redhat.com/solutions/881103. [^] It looks like a variation on a theme.

Please can this old bug be resolved now there is an official RedHat solution?
(0003741)
NickH (developer)
2016-08-14 03:06

Forget it. The RedHat solution does not work:
Aug 14 09:17:35 server saslauthd[4264]: PAM unable to dlopen(/lib64/security/pam_sss.so): /lib64/security/pam_sss.so: cannot open shared object file: No such file or directory
Aug 14 09:17:35 server saslauthd[4264]: PAM adding faulty module: /lib64/security/pam_sss.so

It also removes references to pam_ldap.so.

Digging even further, it looks like the function of pam_ldap.so was taken over by pam_sss.so from the sssd package, but this is not installed in ClearOS 6 or 7.
(0003751)
user2
2016-08-15 11:03

The issue is still scheduled for 7.2.0 Updates, so it's still a high priority (relatively speaking). Thanks for keeping an eye on it!

- Issue History
Date Modified Username Field Change
2015-10-16 20:28 user2 New Issue
2015-10-16 20:32 user2 Assigned To => user2
2015-10-16 20:32 user2 Status new => confirmed
2015-10-17 01:46 NickH Note Added: 0002031
2015-11-09 20:25 user2 Note Added: 0002081
2015-11-12 12:55 user2 Category app-events - Events System => app-base - Base System
2015-11-12 12:55 user2 Target Version => 7.1.0 Updates
2015-11-22 20:40 user2 Target Version 7.1.0 Updates => 7.2.0 Updates
2016-08-14 01:56 NickH Note Added: 0003731
2016-08-14 03:06 NickH Note Added: 0003741
2016-08-15 11:03 user2 Note Added: 0003751
2016-08-30 09:57 user2 Target Version 7.2.0 Updates =>
2018-12-14 12:11 user2 Status confirmed => assigned
2018-12-14 12:11 user2 Assigned To user2 => tracker