What could cause these "failed to authenticate" logs other than failed login attempts (OSX)?
- by Tom
I've found this in the Console logs:
10/03/10 3:53:58 PM SecurityAgent[156] User info context values set for tom
10/03/10 3:53:58 PM authorizationhost[154] Failed to authenticate user (tDirStatus: -14090).
10/03/10 3:54:00 PM SecurityAgent[156] User info context values set for tom
10/03/10 3:54:00 PM authorizationhost[154] Failed to authenticate user (tDirStatus: -14090).
10/03/10 3:54:03 PM SecurityAgent[156] User info context values set for tom
10/03/10 3:54:03 PM authorizationhost[154] Failed to authenticate user (tDirStatus: -14090).
There are about 11 of these "failed to authenticate" messages logged in quick succession. It looks to me like someone is sitting there trying to guess the password. However, when I tried to replicate this I get the same log messages except that this extra message appears after five attempts:
13/03/10 1:18:48 PM DirectoryService[11] Failed Authentication return is being delayed due to over five recent auth failures for username: tom.
I don't want to accuse someone of trying to break into an account without being sure that they were actually trying to break in. My question is this: is it almost definitely someone guessing a password, or could the 11 "failed to authenticate" messages be caused by something else?
EDIT: The actual user wasn't logged in, or using a computer at the time of the log in attempts.