Horde 5 IMP Account Lock Out
The steps below implement an account lockout policy for Horde IMP using single sign-on with IMAP authentication.
1. Use IMAP authentication for Horde 5 authentication. Log on to Horde 5 as an admin user and configure the settings below:
- IMAP authentication server and ports
- Number of failed logins: 7
- The account is blocked for 5 minutes when that condition is met.
- Account logon records are written to /var/log/horde/horde.log
[Authentication Tab]:
$conf['auth']['params']['hostspec'] = 'hostname.foo.com';
$conf['auth']['params']['port'] = 143;
$conf['auth']['params']['secure'] = 'tls';
$conf['auth']['driver'] = 'imap';
$conf['auth']['params']['count_bad_logins'] = true;
$conf['auth']['params']['login_block'] = true;
$conf['auth']['params']['login_block_count'] = 7;
$conf['auth']['params']['login_block_time'] = 5;
[Logging Tab]:
$conf['log']['priority'] = 'INFO';
$conf['log']['ident'] = 'HORDE';
$conf['log']['name'] = '/var/log/horde/horde.log';
$conf['log']['params']['append'] = true;
$conf['log']['params']['format'] = 'default';
$conf['log']['type'] = 'file';
$conf['log']['enabled'] = true;
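2. On SELinux systems, run the commands below so that httpd can write to horde.log. chcon relabels the existing files immediately, and the semanage fcontext rule keeps that label across a filesystem relabel: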
chcon -Rv --type=httpd_log_t /var/log/horde/
semanage fcontext -a -t httpd_log_t "/var/log/horde(/.*)?"
3. Configure IMP to let Horde handle authentication for it: set 'hordeauth' to true by manually editing the file /usr/share/horde/imp/config/backends.php:
…..
$servers['advanced'] = array(
    // Disabled by default
    'disabled' => false,
    'name' => 'IMAP Server',
    'hostspec' => 'hostname.foo.com',
    'hordeauth' => true,
    'protocol' => 'imap',
    'port' => 143,
    'secure' => 'tls',
…..
4. Test by making 8 consecutive failed logon attempts; you should see the error message below:
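To confirm the test from the log side as well, here is an added example (not part of the original page or of Horde) that scans horde.log lines for users whose run of consecutive failed logons reached the configured login_block_count of 7. The "FAILED LOGIN for" and "Login success for" message layouts, the reset of the run on a successful logon, and the sample lines are assumptions of this example; adjust the patterns to what your log actually contains.

```python
import re
from collections import defaultdict

BLOCK_COUNT = 7  # login_block_count from step 1

# Assumed message layout; adjust both patterns to what your horde.log contains.
FAILED = re.compile(r"FAILED LOGIN for (?P<user>\S+) \[(?P<ip>[^\]]+)\]")
SUCCESS = re.compile(r"Login success for (?P<user>\S+)")

def lockout_candidates(lines, threshold=BLOCK_COUNT):
    """Map each user whose run of consecutive failed logons reached the
    threshold to the run length, source addresses and time it was reached."""
    streak, sources, flagged = defaultdict(int), defaultdict(set), {}
    for line in lines:
        failed = FAILED.search(line)
        if failed:
            user = failed["user"]
            streak[user] += 1
            sources[user].add(failed["ip"])
            if streak[user] >= threshold:
                # The first token of the line is taken as the timestamp.
                hit = flagged.setdefault(user, {"reached_at": line.split(" ", 1)[0]})
                hit["failures"] = streak[user]
                hit["sources"] = sorted(sources[user])
            continue
        ok = SUCCESS.search(line)
        if ok:  # a good logon ends the run of failures (example's assumption)
            streak.pop(ok["user"], None)
            sources.pop(ok["user"], None)
    return flagged

def _line(sec, user, ip, ok=False):
    msg = "Login success for" if ok else "FAILED LOGIN for"
    return f"2024-01-01T10:00:{sec:02d}+00:00 HORDE [horde] {msg} {user} [{ip}] to horde"

# Constructed sample, not real log output.
SAMPLE_LOG = (
    [_line(s, "alice", "192.0.2.10") for s in range(4)]
    + [_line(s, "alice", "198.51.100.7") for s in range(4, 8)]
    + [_line(s, "bob", "192.0.2.20") for s in range(10, 13)]
    + [_line(13, "bob", "192.0.2.20", ok=True)]
    + [_line(s, "bob", "192.0.2.20") for s in range(14, 17)]
    + ["unparseable line"]
)

if __name__ == "__main__":
    for user, hit in lockout_candidates(SAMPLE_LOG).items():
        print(user, hit)
```

To run it against the real file, pass an open handle on /var/log/horde/horde.log as `lines`.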