Cyrus IMAP, Saslauthd and SELinux
Bob Chiodini
rchiodin at bellsouth.net
Wed Jan 4 22:25:07 UTC 2006
Daniel J Walsh wrote:
> Bob Chiodini wrote:
>
>> I installed FC4 last Friday, and thought I did a complete update, but
>> apparently not, since there was a rather large update yesterday that
>> included:
>>
>> Jan 03 09:33:10 Updated: selinux-policy-strict.noarch 1.27.1-2.16
>> Jan 03 09:34:17 Updated: selinux-policy-targeted.noarch 1.27.1-2.16
>> Jan 03 09:37:56 Updated: selinux-policy-strict-sources.noarch
>> 1.27.1-2.16
>> Jan 03 09:39:06 Updated: selinux-policy-targeted-sources.noarch
>> 1.27.1-2.16
>>
>> Upon rebooting, a relabel occurred. Since then Cyrus IMAP has not been
>> able to authenticate via saslauthd. If I run saslauthd in debug mode,
>> there is no indication of communication from imapd. Running
>> testsaslauthd -u bob -p xxxxxx as root does work. Also, setting SELinux
>> to permissive mode allows imapd to authenticate.
>>
>> There are no selinux messages in /var/log/messages
>> or /var/log/audit/audit.log. /var/log/maillog presents the following:
>>
>> badlogin: localhost.localdomain [127.0.0.1] plaintext bob SASL(-13):
>> authentication failure: checkpass failed
>>
>> and /var/log/messages presents:
>>
>> saslauthd[3020]: do_auth : auth failure: [user=bob]
>> [service=imap] [realm=] [mech=shadow] [reason=Unknown]
>>
>> I suspect that the problem lies with the following:
>>
>> ls -l --lcontext /var/run/saslauthd
>> total 16
>> srwxrwxrwx 1 root:object_r:saslauthd_var_run_t root root 0 Jan 4
>> 11:17 mux
>> -rw------- 1 root:object_r:saslauthd_var_run_t root root 0 Jan 4
>> 11:17 mux.accept
>> -rw------- 1 root:object_r:saslauthd_var_run_t root root 5 Jan 4
>> 11:17 saslauthd.pid
>>
>> On another FC4 system ls -l --lcontext /var/run/saslauthd produces the
>> following:
>>
>> total 16
>> srwxrwxrwx 1 system_u:object_r:saslauthd_var_run_t root root 0 Dec
>> 22 18:53 mux
>> -rw------- 1 system_u:object_r:saslauthd_var_run_t root root 0 Dec
>> 22 18:53 mux.accept
>> -rw------- 1 system_u:object_r:saslauthd_var_run_t root root 5 Dec
>> 22 18:53 saslauthd.pid
>>
>> This machine is an x86_64, but has the same selinux policies, has been
>> rebooted since they were updated, and selinux is in enforcing mode.
>>
>> Can some one point in the right direction to correct this problem.
>>
>> Bob...
>>
>>
>
> What avc messages are you seeing?
>
>
None. The only related errors are listed above.
Bob...
More information about the fedora-list
mailing list