Description of problem: On a system useing the defualt config, after a period of time dovecot fails to authenticate new logins, giving the error Can't connect to auth server at default: Resource temporarily unavailable. Dovecot has to be restarted before it works again. Version-Release number of selected component (if applicable): dovecot-1.0-0.beta8.2.fc5 How reproducible: Very - Happend at least every other day this week. Steps to Reproduce: 1. Install dovecot 2. Use on a fairly busy system 3. Actual results: Sep 26 21:21:27 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:21:32 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:21:47 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:22:22 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:22:24 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:22:27 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:22:39 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:23:27 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:23:39 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:24:07 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Sep 26 21:24:09 silver dovecot: imap-login: Can't connect to auth server at default: Resource temporarily unavailable Expected results: Login ok Additional info:
dovecot-auth doesn't seem happy, I've had to kill of 627 dovecot-auth process on our server, the following selinux messages are also present... audit(1159635518.756:18202): avc: denied { read write } for pid=1835 comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file audit(1159635518.760:18203): avc: denied { read } for pid=1835 comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file audit(1159635518.760:18204): avc: denied { read write } for pid=1835 comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file audit(1159635518.760:18205): avc: denied { read } for pid=1835 comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file audit(1159635518.808:18206): avc: denied { write } for pid=1836 comm="imap" name="loki" dev=md0 ino=65471351 scontext=user_u:system_r:dovecot_t:s0 tcontext=user_u:object_r:home_root_t:s0 tclass=dir
We're still having problems with dovecot and selinux has been turned off. Oct 2 00:04:02 silver dovecot-auth: pam_ldap: error trying to bind as user "uid=cu,ou=People,dc=sucs,dc=org" (Invalid credentials) Oct 2 10:14:35 silver dovecot-auth: pam_ldap: error trying to bind as user "uid=stringfellow,ou=People,dc=sucs,dc=org" (Invalid credentials) Oct 2 10:16:26 silver dovecot-auth: pam_ldap: error trying to bind as user "uid=engineering,ou=People,dc=sucs,dc=org" (Invalid credentials) Suggest that the problem is related to having our users in ldap... but other services dont seem to be having such problems.
Getting dovecot to talk strait to the ldap server seems to help.
I am trying to think of a reason why this would happen, but nothing comes to my mind. Especially if you say that pam_ldap works from other services as expected. And i assume the credentials are all right? It's definitely weird that both dovecot<->ldap and others<->pam<->ldap work, but dovecot<->pam<->ldap doesn't...
This seems to be caused by bug 154314.
Hm, bug 154314 has been fixed for some time, I guess we can close this?
The FC5 system this bug was reported on saw all sorts of weird ldap/nss/nscd/pam problems though its life. You can be fairly sure its not a dovecot bug...
Ok, closing.