Cyrus IMAP, Saslauthd and SELinux

Bob Chiodini rchiodin at bellsouth.net
Wed Jan 4 22:25:07 UTC 2006 

Daniel J Walsh wrote:

> Bob Chiodini wrote:
>
>> I installed FC4 last Friday, and thought I did a complete update, but
>> apparently not, since there was a rather large update yesterday that
>> included:
>>
>> Jan 03 09:33:10 Updated: selinux-policy-strict.noarch 1.27.1-2.16
>> Jan 03 09:34:17 Updated: selinux-policy-targeted.noarch 1.27.1-2.16
>> Jan 03 09:37:56 Updated: selinux-policy-strict-sources.noarch 
>> 1.27.1-2.16
>> Jan 03 09:39:06 Updated: selinux-policy-targeted-sources.noarch 
>> 1.27.1-2.16
>>
>> Upon rebooting, a relabel occurred.  Since then Cyrus IMAP has not been
>> able to authenticate via saslauthd.  If I run saslauthd in debug mode,
>> there is no indication of communication from imapd.  Running
>> testsaslauthd -u bob -p xxxxxx as root does work.  Also, setting SELinux
>> to permissive mode allows imapd to authenticate.
>>
>> There are no selinux messages in /var/log/messages
>> or /var/log/audit/audit.log.  /var/log/maillog presents the following:
>>
>> badlogin: localhost.localdomain [127.0.0.1] plaintext bob SASL(-13): 
>> authentication failure: checkpass failed
>>
>> and /var/log/messages presents:
>>
>> saslauthd[3020]: do_auth         : auth failure: [user=bob] 
>> [service=imap] [realm=] [mech=shadow] [reason=Unknown]
>>
>> I suspect that the problem lies with the following:
>>
>> ls -l --lcontext /var/run/saslauthd
>> total 16
>> srwxrwxrwx  1 root:object_r:saslauthd_var_run_t root root 0 Jan  4 
>> 11:17 mux
>> -rw-------  1 root:object_r:saslauthd_var_run_t root root 0 Jan  4 
>> 11:17 mux.accept
>> -rw-------  1 root:object_r:saslauthd_var_run_t root root 5 Jan  4 
>> 11:17 saslauthd.pid
>>
>> On another FC4 system ls -l --lcontext /var/run/saslauthd produces the
>> following:
>>
>> total 16
>> srwxrwxrwx  1 system_u:object_r:saslauthd_var_run_t root root 0 Dec 
>> 22 18:53 mux
>> -rw-------  1 system_u:object_r:saslauthd_var_run_t root root 0 Dec 
>> 22 18:53 mux.accept
>> -rw-------  1 system_u:object_r:saslauthd_var_run_t root root 5 Dec 
>> 22 18:53 saslauthd.pid
>>
>> This machine is an x86_64, but has the same selinux policies, has been
>> rebooted since they were updated, and selinux is in enforcing mode.
>>
>> Can some one point in the right direction to correct this problem.
>>
>> Bob...
>>
>>   
>
> What avc messages are you seeing?
>
>
None.  The only related errors are listed above.

Bob...

More information about the fedora-list mailing list