Bug 208528

Summary: After a period of time dovecot stops lettting people login
Product: [Fedora] Fedora Reporter: Chris Jones <rollercow>
Component: dovecotAssignee: Tomas Janousek <tjanouse>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: andy, elsmorian, eric.eisenhart, ngaywood, sitsofe, swhiteho, tss, wtogami
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-04 15:06:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Jones 2006-09-29 07:12:53 UTC 
Description of problem:
On a system useing the defualt config, after a period of time dovecot fails to
authenticate new logins, giving the error Can't connect to auth server at
default: Resource temporarily unavailable. Dovecot has to be restarted before it
works again.

Version-Release number of selected component (if applicable):
dovecot-1.0-0.beta8.2.fc5

How reproducible:
Very - Happend at least every other day this week.

Steps to Reproduce:
1. Install dovecot
2. Use on a fairly busy system
3. 
  
Actual results:
Sep 26 21:21:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:21:32 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:21:47 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:22 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:24 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:39 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:23:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:23:39 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:24:07 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:24:09 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable

Expected results:
Login ok

Additional info:
Comment 1 Chris Jones 2006-09-30 20:30:49 UTC 
dovecot-auth doesn't seem happy, I've had to kill of 627 dovecot-auth process on
our server, the following selinux messages are also present...

audit(1159635518.756:18202): avc:  denied  { read write } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18203): avc:  denied  { read } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18204): avc:  denied  { read write } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18205): avc:  denied  { read } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.808:18206): avc:  denied  { write } for  pid=1836 comm="imap"
name="loki" dev=md0 ino=65471351 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:home_root_t:s0 tclass=dir
Comment 2 Chris Jones 2006-10-02 11:17:11 UTC 
We're still having problems with dovecot and selinux has been turned off.

Oct  2 00:04:02 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=cu,ou=People,dc=sucs,dc=org" (Invalid credentials)
Oct  2 10:14:35 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=stringfellow,ou=People,dc=sucs,dc=org" (Invalid credentials)
Oct  2 10:16:26 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=engineering,ou=People,dc=sucs,dc=org" (Invalid credentials)

Suggest that the problem is related to having our users in ldap... but other services dont seem to be 
having such problems.
Comment 3 Chris Jones 2006-10-06 13:43:13 UTC 
Getting dovecot to talk strait to the ldap server seems to help.
Comment 4 Petr Rockai 2006-10-11 16:33:11 UTC 
I am trying to think of a reason why this would happen, but nothing comes to 
my mind. Especially if you say that pam_ldap works from other services as 
expected. And i assume the credentials are all right? It's definitely weird 
that both dovecot<->ldap and others<->pam<->ldap work, but 
dovecot<->pam<->ldap doesn't...
Comment 5 Tomas Janousek 2007-04-06 13:36:10 UTC 
This seems to be caused by bug 154314.
Comment 6 Tomas Janousek 2008-01-04 14:05:04 UTC 
Hm, bug 154314 has been fixed for some time, I guess we can close this?
Comment 7 Chris Jones 2008-01-04 15:02:39 UTC 
The FC5 system this bug was reported on saw all sorts of weird ldap/nss/nscd/pam
problems though its life. You can be fairly sure its not a dovecot bug...
Comment 8 Tomas Janousek 2008-01-04 15:06:53 UTC 
Ok, closing.