Horde 5 IMP Account Lock Out

Below are the steps for implementing an account lockout policy for Horde IMP using single sign-on with IMAP authentication.

1. Use IMAP authentication for Horde 5 authentication. Log on to Horde 5 as an admin user and configure the settings below:

  • IMAP authentication server and ports
  • Number of failed logins allowed: 7
  • The account is blocked for 5 minutes once that condition is met
  • Account logons are recorded in /var/log/horde/horde.log

[Authentication Tab] :
$conf['auth']['params']['hostspec'] = 'hostname.foo.com';
$conf['auth']['params']['port'] = 143;
$conf['auth']['params']['secure'] = 'tls';
$conf['auth']['driver'] = 'imap';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 7;
$conf['auth']['params']['login_block_time'] = 5;


[Logging Tab] :
$conf['log']['priority'] = 'INFO';
$conf['log']['ident'] = 'HORDE';
$conf['log']['name'] = '/var/log/horde/horde.log';
$conf['log']['params']['append'] = true;
$conf['log']['params']['format'] = 'default';
$conf['log']['type'] = 'file';
$conf['log']['enabled'] = true;

2. Run the commands below so that SELinux lets httpd write to horde.log:

chcon -Rv --type=httpd_log_t /var/log/horde/
semanage fcontext -a -t httpd_log_t "/var/log/horde(/.*)?"

3. Configure IMP to let Horde authenticate for it: set hordeauth to true by manually editing the file /usr/share/horde/imp/config/backends.php:
…..
$servers['advanced'] = array(
// Disabled by default
'disabled' => false,
'name' => 'IMAP Server',
'hostspec' => 'hostname.foo.com',
'hordeauth' => true,
'protocol' => 'imap',
'port' => 143,
'secure' => 'tls',
…..

4. Test with 8 repeated failed logons; the error message below should appear:

[Screenshot: horde5-acct-logout]
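A check for the settings from step 1, as an added example that is not part of the original post: it reads a Horde conf.php and reports any lockout or logging value that differs from the ones listed above. The function names are hypothetical, and the page does not give the location of conf.php, so the path is passed as an argument.

```shell
#!/bin/sh
# Added example: audit a Horde conf.php for the lockout settings from step 1.

# conf_value FILE KEY... prints the value assigned to $conf['KEY']['KEY']...
conf_value() {
    file=$1; shift
    pat='^[[:space:]]*\$conf'
    for k in "$@"; do pat="$pat\\['$k']"; done
    # The last assignment wins, as it does when PHP evaluates the file.
    sed -n "s/$pat[[:space:]]*=[[:space:]]*\\(.*\\);.*\$/\\1/p" "$file" |
        tail -n 1 | tr -d "'\""
}

# expect WANT KEY... compares one setting in $conf_file with the expected value.
expect() {
    want=$1; shift
    got=$(conf_value "$conf_file" "$@")
    if [ "$got" != "$want" ]; then
        echo "FAIL: $* is '${got:-unset}', expected '$want'"
        rc=1
    fi
}

# audit_lockout FILE returns 0 only if every checked setting is in place.
audit_lockout() {
    conf_file=$1; rc=0
    # Typographic quotes copied from a web page are not PHP string delimiters,
    # so the keys would not match and the lockout would never be enabled.
    if grep -qF -e '‘' -e '’' "$conf_file"; then
        echo "FAIL: typographic quotes in $conf_file"; rc=1
    fi
    expect imap auth driver
    expect tls  auth params secure
    expect true auth params count_bad_logins
    expect true auth params login_block
    expect 7    auth params login_block_count
    expect 5    auth params login_block_time
    expect true log enabled
    expect INFO log priority
    [ "$rc" -eq 0 ] && echo "OK: lockout settings present in $conf_file"
    return "$rc"
}

# The page does not give conf.php's location; pass it as the first argument.
if [ "$#" -gt 0 ]; then audit_lockout "$1"; fi
```

Running it before the test in step 4 separates a configuration mistake from a lockout that is configured but not triggering.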
