What could cause these "failed to authenticate" logs other than failed login attempts (OSX)?

Posted by Tom on Server Fault See other posts from Server Fault or by Tom
Published on 2010-03-13T06:01:54Z Indexed on 2010/03/13 6:05 UTC
Read the original article Hit count: 420

Filed under:
|
|
|

I've found this in the Console logs:

10/03/10 3:53:58 PM    SecurityAgent[156]  User info context values set for tom
10/03/10 3:53:58 PM authorizationhost[154]  Failed to authenticate user  (tDirStatus: -14090).
10/03/10 3:54:00 PM SecurityAgent[156]  User info context values set for tom
10/03/10 3:54:00 PM authorizationhost[154]  Failed to authenticate user  (tDirStatus: -14090).
10/03/10 3:54:03 PM SecurityAgent[156]  User info context values set for tom
10/03/10 3:54:03 PM authorizationhost[154]  Failed to authenticate user  (tDirStatus: -14090).

There are about 11 of these "failed to authenticate" messages logged in quick succession. It looks to me like someone is sitting there trying to guess the password. However, when I tried to replicate this I get the same log messages except that this extra message appears after five attempts:

13/03/10 1:18:48 PM    DirectoryService[11]    Failed Authentication return is being delayed due to over five recent auth failures for username: tom.

I don't want to accuse someone of trying to break into an account without being sure that they were actually trying to break in. My question is this: is it almost definitely someone guessing a password, or could the 11 "failed to authenticate" messages be caused by something else?

© Server Fault or respective owner

Related posts about macosx

Related posts about osx