Re: Cyrus IMAP, Saslauthd and SELinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Bob Chiodini wrote:

I installed FC4 last Friday, and thought I did a complete update, but
apparently not, since there was a rather large update yesterday that
included:

Jan 03 09:33:10 Updated: selinux-policy-strict.noarch 1.27.1-2.16
Jan 03 09:34:17 Updated: selinux-policy-targeted.noarch 1.27.1-2.16
Jan 03 09:37:56 Updated: selinux-policy-strict-sources.noarch 1.27.1-2.16
Jan 03 09:39:06 Updated: selinux-policy-targeted-sources.noarch 1.27.1-2.16

Upon rebooting, a relabel occurred.  Since then Cyrus IMAP has not been
able to authenticate via saslauthd.  If I run saslauthd in debug mode,
there is no indication of communication from imapd.  Running
testsaslauthd -u bob -p xxxxxx as root does work.  Also, setting SELinux
to permissive mode allows imapd to authenticate.

There are no selinux messages in /var/log/messages
or /var/log/audit/audit.log.  /var/log/maillog presents the following:

badlogin: localhost.localdomain [127.0.0.1] plaintext bob SASL(-13): authentication failure: checkpass failed

and /var/log/messages presents:

saslauthd[3020]: do_auth         : auth failure: [user=bob] [service=imap] [realm=] [mech=shadow] [reason=Unknown]

I suspect that the problem lies with the following:

ls -l --lcontext /var/run/saslauthd
total 16
srwxrwxrwx  1 root:object_r:saslauthd_var_run_t root root 0 Jan  4 11:17 mux
-rw-------  1 root:object_r:saslauthd_var_run_t root root 0 Jan  4 11:17 mux.accept
-rw-------  1 root:object_r:saslauthd_var_run_t root root 5 Jan  4 11:17 saslauthd.pid

On another FC4 system ls -l --lcontext /var/run/saslauthd produces the
following:

total 16
srwxrwxrwx  1 system_u:object_r:saslauthd_var_run_t root root 0 Dec 22 18:53 mux
-rw-------  1 system_u:object_r:saslauthd_var_run_t root root 0 Dec 22 18:53 mux.accept
-rw-------  1 system_u:object_r:saslauthd_var_run_t root root 5 Dec 22 18:53 saslauthd.pid

This machine is an x86_64, but has the same selinux policies, has been
rebooted since they were updated, and selinux is in enforcing mode.

Can some one point in the right direction to correct this problem.

Bob...


What avc messages are you seeing?
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux