LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-23-2010, 04:03 AM   #1
lxc5089
LQ Newbie
 
Registered: Jun 2010
Posts: 2

Rep: Reputation: 0
Dovecot user authentication failed


Hi All,

Im using CenOs 5 and have install a mail system(postfix+dovecot),
when I trying to enable selinux for enforcing mode and i'm have some issue, the user authentication failed. and the log from /var/log/audit/audit.log as below:

type=USER_AUTH msg=audit(1276507030.919:5032): user pid=31695 uid=0 auid=0 subj=root:system_r:dovecot_auth_t:s0 msg='PAM: authentication acct="test" : exe="/usr/libexec/dovecot/dovecot-auth" (hostname=::ffff:192.168.1.1, addr=::ffff:192.168.1.1, terminal=dovecot res=failed)'

How can i to fix this problem? may you give me some advise, thanks.
 
Old 06-25-2010, 02:59 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,994
Blog Entries: 54

Rep: Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745Reputation: 2745
Next time also please update your post here if you add lines overthere. From these three lines:
Code:
type=AVC msg=audit(1277423451.076:6825): avc: denied { read } for pid=22067 comm="dovecot-auth" name="shadow" dev=dm-0 ino=85820037 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1277423451.076:6825): arch=40000003 syscall=5 success=yes exit=14 a0=32a304 a1=0 a2=1b6 a3=9649818 items=0 ppid=2423 pid=22067 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dovecot-auth" exe="/usr/libexec/dovecot/dovecot-auth" subj=system_u:system_r:dovecot_auth_t:s0 key=(null)
type=AVC msg=audit(1277423451.076:6826): avc: denied { getattr } for pid=22067 comm="dovecot-auth" path="/etc/shadow" dev=dm-0 ino=85820037 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
I'm thinking you mistakingly configured /etc/shadow for user name lookups instead of /etc/passwd. (/etc/shadow is by default not accessible for unprivileged users and for good reasons. Changing permissions on the file is a mortal sin. Please research about user auth if you need to know more.) See if reconfiguring Dovecot to use PAM auth instead fixes at least the dovecot-auth lines.
 
1 members found this post helpful.
Old 06-30-2010, 09:09 AM   #3
lxc5089
LQ Newbie
 
Registered: Jun 2010
Posts: 2

Original Poster
Rep: Reputation: 0
The problem been solved with domg472 helping.

It need to allow dovecot_auth_t to read shadow_t

mkdir ~/mydovecot; cd ~/mydovecot
echo "policy_module(mydovecot, 1.0.0)" > mydovecot.te;
echo "require { type dovecot_auth_t; }" >> mydovecot.te;
echo "auth_read_shadow(dovecot_auth_t)" >> mydovecot.te;

make -f /usr/share/selinux/devel/Makefile mydovecot.pp
sudo semodule -i mydovecot.pp
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
User password authentication failed semichae Linux - Security 0 11-20-2007 10:02 AM
psql: FATAL: IDENT authentication failed for user "manashi" Manashi Programming 2 03-16-2006 02:17 AM
Samba - Authentication for user FAILED reeaver Linux - Software 0 09-03-2005 05:06 PM
psql: FATAL 1: IDENT authentication failed for user "postgres" linuxtesting2 Linux - General 3 06-16-2004 12:48 PM
Authentication failed Starting X for any User but root aimstr8 Linux - Software 4 02-27-2004 12:54 PM


All times are GMT -5. The time now is 03:19 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration