I configured Nextcloud to authenticate users via “user_external” app to IMAP
Sometimes my user (system user) gets locked via pam-faillock, e.g. when there are bruteforce attempts via IMAP. Here is an example:
Dez 17 08:37:11 SERVER auth[34877]: pam_faillock(dovecot:auth): Consecutive login failures for user USER account temporarily locked
From that moment on my Android Nextcloud app and DavX app have issues logging in which is supprising to me because they use app-passwords, i.e. authentication of the uses does not require to use “user_external” to again authenticate to IMAP - especially es the password is not known to Nextcloud.
This is what I can find in nextcloud.log:
{“reqId”:“ID”,“level”:3,“time”:“2022-12-17T03:47:54+00:00”,“remoteAddr”:“IP”,“user”:“–”,“app”:“user_external”,“method”:“PROPFIND”,“url”:“/nextcloud/remote.php/dav/calendars/USER/CAL/”,“message”:"ERROR: Could not connect to imap server via curl: ",“userAgent”:“DAVx5/4.2.6-gplay (2022/12/10; dav4jvm; okhttp/4.10.0) Android/13”,“version”:“25.0.2.3”,“data”:{“app”:“user_external”}}
Questions: does Nextcloud (either core or user_external-app) do a check if a user is locked? Can this be configured? I see no real reason to block my android apps only because faillock locked my user account, because faillock locks the user th prevent brute-force attacks - but since my Android-apps are using app-passwords they should not be affected.