Nick Howitt wrote:

Are the failures for valid users in the pam messages? If so the short answer is don't worry about them. You will probably get them every time a user logs on. For the long answer see https://www.clearos.com/clearfoundation/social/community/pam-unix-authentication-failure and similar threads. I use the file in this post in a different thread. The issue is that the authentication mechanism tries against unix accounts first and reports an error if it fails and then it tries against ldap accounts. All cyrus-imap users are ldap users.

Thanks Nick. That is interesting and seems logical.
I've read through the threads and need to do some background reading. I'll try this on the weekend and see if I can implement the fix.
Out of curiousity, did anyone every fix the issue in the bug report?