I installed FC4 last Friday, and thought I did a complete update, but
apparently not, since there was a rather large update yesterday that
included:
Jan 03 09:33:10 Updated: selinux-policy-strict.noarch 1.27.1-2.16
Jan 03 09:34:17 Updated: selinux-policy-targeted.noarch 1.27.1-2.16
Jan 03 09:37:56 Updated: selinux-policy-strict-sources.noarch
1.27.1-2.16
Jan 03 09:39:06 Updated: selinux-policy-targeted-sources.noarch
1.27.1-2.16
Upon rebooting, a relabel occurred. Since then Cyrus IMAP has not been
able to authenticate via saslauthd. If I run saslauthd in debug mode,
there is no indication of communication from imapd. Running
testsaslauthd -u bob -p xxxxxx as root does work. Also, setting
SELinux
to permissive mode allows imapd to authenticate.
There are no selinux messages in /var/log/messages
or /var/log/audit/audit.log. /var/log/maillog presents the following:
badlogin: localhost.localdomain [127.0.0.1] plaintext bob SASL(-13):
authentication failure: checkpass failed
and /var/log/messages presents:
saslauthd[3020]: do_auth : auth failure: [user=bob]
[service=imap] [realm=] [mech=shadow] [reason=Unknown]
I suspect that the problem lies with the following:
ls -l --lcontext /var/run/saslauthd
total 16
srwxrwxrwx 1 root:object_r:saslauthd_var_run_t root root 0 Jan 4
11:17 mux
-rw------- 1 root:object_r:saslauthd_var_run_t root root 0 Jan 4
11:17 mux.accept
-rw------- 1 root:object_r:saslauthd_var_run_t root root 5 Jan 4
11:17 saslauthd.pid
On another FC4 system ls -l --lcontext /var/run/saslauthd produces the
following:
total 16
srwxrwxrwx 1 system_u:object_r:saslauthd_var_run_t root root 0 Dec
22 18:53 mux
-rw------- 1 system_u:object_r:saslauthd_var_run_t root root 0 Dec
22 18:53 mux.accept
-rw------- 1 system_u:object_r:saslauthd_var_run_t root root 5 Dec
22 18:53 saslauthd.pid
This machine is an x86_64, but has the same selinux policies, has been
rebooted since they were updated, and selinux is in enforcing mode.
Can some one point in the right direction to correct this problem.
Bob...