diff --git a/auth/imap.go b/auth/imap.go
index 385962b..35f2949 100644
--- a/auth/imap.go
+++ b/auth/imap.go
@@ -44,7 +44,7 @@ func (prov *IMAPProvider) doAuth(next http.Handler,
 
 	conn, err := prov.dial()
 	if err != nil {
-		log.Debug().Err(err).Msg("auth dial error")
+		log.Warn().Err(err).Msg("auth dial error")
 		http.Error(w, "Temporary authentication error, try again later", http.StatusServiceUnavailable)
 		return
 	}
@@ -52,7 +52,7 @@ func (prov *IMAPProvider) doAuth(next http.Handler,
 
 	auth := sasl.NewPlainClient("", user, pass)
 	if err := conn.Authenticate(auth); err != nil {
-		log.Debug().Err(err).Msg("auth error")
+		log.Debug().Str("user", user).Err(err).Msg("auth error")
 		http.Error(w, "Invalid username or password", http.StatusUnauthorized)
 		return
 	}
diff --git a/auth/pam.go b/auth/pam.go
index c48818f..b309a62 100644
--- a/auth/pam.go
+++ b/auth/pam.go
@@ -44,26 +44,26 @@ func pamAuth(next http.Handler, w http.ResponseWriter, r *http.Request) {
 		}
 	})
 	if err != nil {
-		log.Debug().Err(err).Msg("failed to start PAM conversation")
+		log.Warn().Err(err).Msg("failed to start PAM conversation")
 		http.Error(w, "Temporary authentication error, try again later", http.StatusServiceUnavailable)
 		return
 	}
 
 	if err := t.Authenticate(0); err != nil {
-		log.Debug().Err(err).Msg("auth error")
+		log.Debug().Str("user", user).Err(err).Msg("auth error")
 		http.Error(w, "Invalid username or password", http.StatusUnauthorized)
 		return
 	}
 
 	if err := t.AcctMgmt(0); err != nil {
-		log.Debug().Err(err).Msg("account unavailable")
+		log.Debug().Str("user", user).Err(err).Msg("account unavailable")
 		http.Error(w, "Account unavailable", http.StatusUnauthorized)
 		return
 	}
 
 	user, err = t.GetItem(pam.User)
 	if err != nil {
-		log.Debug().Err(err).Msg("failed to get PAM username")
+		log.Warn().Str("user", user).Err(err).Msg("failed to get PAM username")
 		http.Error(w, "Temporary authentication error, try again later", http.StatusServiceUnavailable)
 		return
 	}